undefined | Better HN

0 pointsinterpol_p12y ago0 comments

Safari also tells me it is saving my passwords. Yet to explicitly unmask my passwords from the settings screen at a later date it requires my Keychain password.

They both use the word "save" to denote this functionality.

I don't think you understand why this difference in behaviour is important.

0 comments

wglb12y ago

So do you expect the browser to prompt you for the master password each time it is about to autofill credentials on a web page?

interpol_pOP12y ago

No, and that is because there is a significant difference between a user unmasking the password through DOM manipulation and browsing a settings page. Please realise that the former behaviour requires more malicious intent.

I expect some level of security to stop people browsing my passwords casually, which Chrome allows in its current design.

I am not talking about fending off determined attackers, I am talking about levels of trust that you place in friends and coworkers. Chrome lowers the barrier-to-access by design.

The simple fact is: there are people I would trust using my computer who would never actively try to circumvent my security to read my passwords, but I would not trust them not to take a peek at my Chrome settings page passwords.

j / k navigate · click thread line to collapse