Google finally hides passwords from snoopers in new builds of Chromium

Google Chrome logoGoogle's Chrome team recently came under fire for its long-held practice of making saved passwords visible in plain text. If you hand your computer to a friend or leave it unguarded and unlocked, the friend or a passerby could go into Chrome's settings and view any website passwords you've saved without typing in your system password.

Chrome still makes passwords viewable in plain text by default, but the latest build of Chromium for Mac—the open source browser from which Chrome draws its code—gives users a new way to protect their passwords. If you type chrome://flags into the address bar, you'll find this.

If you enable password manager reauthentication and then restart the browser, the next time you view your list of passwords you'll be prompted to enter the system password before being allowed to view them in plain text:

Google finally hides passwords from snoopers in new builds of Chromium

We described Chrome's method of displaying passwords in June in a feature on password management, noting that Firefox allows users to create master passwords to protect their login data from snoopers, while Internet Explorer simply doesn't provide snoopers an easily accessible list of passwords. Safari protects passwords with the OS X password.

Chrome has been doing things this way for years, but a controversy flared up in August after some reporters noticed the browser's method of displaying passwords and wrote about it. Google Chrome security engineer Justin Schuh defended the practice on Hacker News, saying, "The simple fact is that you need to lock your user account if you want to protect your information. If you don't do that, nothing else really matters because it's all just theater and won't actually stop anyone willing to invest minimal effort."

The new option to protect passwords in Chromium was contributed to the browser project two weeks ago by Google employee and Chrome developer Patrick Dubroy. The feature gained some wider attention after being described this morning on Google+ by Google employee François Beaufort. It seems to only be available on the Mac version of Chromium for now, but this may be the first step toward adding the protection to the main builds of Chrome. We've contacted Google to see if it will disclose any plans for adding the feature to Chrome, but we haven't heard back yet.

Source: Ars Technica

Tags: browsers, Chrome

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Jaqueline#10 0
I've seen similar ritsricteons but still consider the security sufficient ifa) you have some random login number that you write downb) your account gets blocked after 3 tries.If the login number was your account number it could be used for denial of service, so I prefer a random number.Of course someone could still steal your hashed password from the bank and brute-force it which is easier for simple password.But then this is not much easier than installing a trojan, staging a man in the middle attack or sniff your password by other means.
Reply 
Jaqueline#20 0
I've seen similar ritsricteons but still consider the security sufficient ifa) you have some random login number that you write downb) your account gets blocked after 3 tries.If the login number was your account number it could be used for denial of service, so I prefer a random number.Of course someone could still steal your hashed password from the bank and brute-force it which is easier for simple password.But then this is not much easier than installing a trojan, staging a man in the middle attack or sniff your password by other means.
Reply 
Jaqueline#30 0
I've seen similar ritsricteons but still consider the security sufficient ifa) you have some random login number that you write downb) your account gets blocked after 3 tries.If the login number was your account number it could be used for denial of service, so I prefer a random number.Of course someone could still steal your hashed password from the bank and brute-force it which is easier for simple password.But then this is not much easier than installing a trojan, staging a man in the middle attack or sniff your password by other means.
Reply 
Khan#40 0
por favor vuelvan a poner la vieja<a href="http://zjswolg.com"> vioesrn</a> de "nueva pestaf1a" con la barra de marcadores. En la nueva versif3n no se puede abrir todo el contenido de una carpeta en marcadores con todas sus pe1ginas en un solo click
Reply 
Khan#50 0
por favor vuelvan a poner la vieja<a href="http://zjswolg.com"> vioesrn</a> de "nueva pestaf1a" con la barra de marcadores. En la nueva versif3n no se puede abrir todo el contenido de una carpeta en marcadores con todas sus pe1ginas en un solo click
Reply 
Khan#60 0
por favor vuelvan a poner la vieja<a href="http://zjswolg.com"> vioesrn</a> de "nueva pestaf1a" con la barra de marcadores. En la nueva versif3n no se puede abrir todo el contenido de una carpeta en marcadores con todas sus pe1ginas en un solo click
Reply 
Roop#70 0
Instant is enabled by defualt now? I have Instant turned off in Chrome 15, but the browser just updated to v16 and Instant is on (I know I can turn it off). http://gizukccsxib.com [url=http://curkoeydzm.com]curkoeydzm[/url] psbhzfkgj
Reply 
Roop#80 0
Instant is enabled by defualt now? I have Instant turned off in Chrome 15, but the browser just updated to v16 and Instant is on (I know I can turn it off). http://gizukccsxib.com [url=http://curkoeydzm.com]curkoeydzm[/url] psbhzfkgj
Reply 
Roop#90 0
Instant is enabled by defualt now? I have Instant turned off in Chrome 15, but the browser just updated to v16 and Instant is on (I know I can turn it off). http://gizukccsxib.com [url=http://curkoeydzm.com]curkoeydzm[/url] psbhzfkgj
Reply 

Last news

 
Consumer group recommends iPhone 8 over anniversary model
 
LTE connections wherever you go and instant waking should come to regular PCs, too
 
That fiction is slowly becoming a reality
 
The Snapdragon 845 octa-core SoC includes the Snapdragon X20 LTE modem
 
Human moderators can help make YouTube a safer place for everyone
 
Google says Progressive Web Apps are the future of app-like webpages
 
All 2018 models to sport the 'notch'
 
The biggest exchange in South Korea, where the BTC/KRW pair is at $14,700 now
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
     12
3456789
10111213141516
17181920212223
24252627282930
31      




Poll

Do you use microSD card with your phone?
or leave your own version in comments (4)