Chrome lets you create a separate password for Google's synced data (read: stored passwords).LastPass has an option to stay signed in on a trusted computer.There are two additional facts that are relevant here: I've been using LastPass under the assumption that it is better and safer than using Chrome's built-in password manager. Because in effect, that's really what they get. When you grant someone access to your OS user account, that they can We've debated it over and over again, but the conclusion we alwaysĬome to is that we don't want to provide users with a false sense of Password or something similar, even if we don't believe it works. We've also been repeatedly asked why we don't just support a master There are just too many vectors for him to get what he wants. Once the bad guy got access to your account the game was lost, because Or install OS user account level monitoring software. Install malicious extension to intercept all your browsing activity, Said bad guy can dump all your session cookies, grab your history, Within the OS user account just aren't reliable, and are mostly justĬonsider the case of someone malicious getting access to your account. Beyond that, however, we've found that boundaries So, Chrome uses whateverĮncrypted storage the system provides to keep your passwords safe forĪ locked account.
Your password storage is the OS user account. I'm the Chrome browser security tech lead, so it might help if IĮxplain our reasoning here. Justin Schuh defended Google's reasoning in the wake of this post detailing the " discovery" (sic) that passwords saved in the Chrome password manager can be viewed in plaintext.
0 kommentar(er)
