Starred by 429 users

Status: Duplicate
Merged: issue 53
Owner: ----
Closed: Oct 2009
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Feature

Master password is missing
Reported by chandras...@gmail.com, Sep 5 2008
Master password setup is missing where we can authenticate the user to show 
the stored passwords.
 
Labels: -private -Security -Pri-0 -Type-Bug Pri-2 Type-Feature
Keeping this bug private does not make our users more secure.
Duplicate of Issue 53. (Not sure I agree with marking Issue 53 as WontFix though.)
If it's not going to be fixed then at least Chrome should not display the stored passwords.
A master password is an important security feature to make the browser personal. If the
feature is missing then the browser will fail to make people do personal browsing.

Nowadays it's very difficult to keep all the passwords in mind. So most people
are using the Firefox master password facility to store all the details. For me this is an
important feature to have in a browser.
Comment 5 Deleted
Comment 6 by ben@chromium.org, Sep 6 2008
Labels: -Area-Unknown Area-BrowserUI
Comment 7 by dabre...@gmail.com, Sep 7 2008
This is a really important feature.
Comment 8 Deleted
This is a security issue.

It should be of the highest priority to require some kind of authentication in order 
to access the stored passwords. I also think it goes without saying, the stored 
passwords should be encrypted.

The method can be non-intrusive, for example some type of authentication upon initial  
start of the browser. Even a popup number pad, to quickly enter a pin number would be 
sufficient.
Comment 10 by Deleted ...@, Sep 13 2008
This is a deal breaker until addressed, too bad, otherwise an outstanding beta 
release. I'm sure it will be addressed soon, very obvious need.
Comment 11 by Deleted ...@, Sep 17 2008
I agree, a complete deal-breaker, as I cannot use this browser for day-to-day stuff 
until this is implemented.
Comment 12 by Deleted ...@, Oct 3 2008
Viruses have access to our passwords if not encrypted... so you can't save passwords
until this is implemented.
Comment 13 by lin...@gmail.com, Oct 3 2008
@r.dechenaux: For viruses there will always be ways to get your passwords. Encrypting
them on disk doesn't help if they will still be in RAM in cleartext.
Comment 14 by Deleted ...@, Oct 3 2008
I agree that this is a very important feature. While testing out Chrome, I was happy 
overall, but this was the only reason I could not use it as a primary browser as I 
(like everyone) have too many passwords to remember and rely on a master password 
feature heavily.

To be honest, it came as a shock when a friend of mine was reading out my passwords.
Comment 15 by Deleted ...@, Oct 4 2008
Same here. I rely heavily on master passwords when I surf the internet. And the 
absence of the master password is the only missing thing in Google Chrome. All the 
other things are really good. But this is a big bug since without the master password, 
I can't even start to use Chrome for my daily surfing.
Comment 16 by Deleted ...@, Oct 16 2008
I liked the interface but missing Password Manager Master Password has put me down
and I am now looking at Firefox skins to make it look like chrome... What a shame...
Guys, is there a comment from Google on this? The encryption of passwords in RAM and 
a master password is a real necessity. Also I think the master password should be 
prompted only when a password stored site is accessed, probably every time from 
absolute security point of view. 

Any views on this?
This is interesting. Security Now (Steve Gibson / Leo Laporte) talked about Chrome
quite a bit in a recent episode (www.grc.com). I was shocked to hear that the saved
passwords are stored in plain text. I was also stunned when I realized that I didn't
have a master password protecting my saved passwords. It would be nice to ask the
user "would you like to create a master password or key file to protect your private
information?".  There is the implicit trust of a multi-user OS, which seems "good
enough for me" to not have a master password, but so many people don't use the
multi-user capabilities of their OS.  At least encrypt the stored passwords. I would
like to see a master password eventually.
Comment 19 by Deleted ...@, Nov 3 2008
A master password is absolutely essential for a modern browser.  Without a master 
password, all of the benefits of using Chrome essentially get flushed down the 
toilet.
Comment 20 by Deleted ...@, Nov 5 2008
Except for not having a Mac OS X version, this is the major show stopper for me as well.
Comment 21 by Deleted ...@, Nov 6 2008
Like the browser, would probably use it as default IF IT HAD A MASTER PASSWORD
Please add the master password feature.
Comment 23 by sutea...@gmail.com, Nov 25 2008
if it had no master we can not save all most password.
Comment 24 by jspea...@gmail.com, Nov 30 2008
Until this issue is addressed, I will not be using chrome nor will I allow it to be 
used in my company.  For those arguing that this is just 'security through obscurity' 
you are fundamentally wrong and are truly missing the point.  Someone having access 
to my Windows account, for whatever reason, should not mean that they should get 
simple and unauthenticated access to *every password on every system that I save in 
chrome* and also get the ability to see/copy them for their own use.  This is just 
too easy a target for too large a risk with too easy a solution:  1) allow the 
setting of a master password that is used to encrypt the password store.  2) Allow 
the user the ability to set the time period before re-requiring authentication to the 
password store. and 3) Absolutely always require re-authentication to the password 
store when the user requests to see the passwords.
Labels: Security
Status: Untriaged
I'm confirming this issue as there is indeed no master password.

jspeavey, would you consider this issue addressed if there was a master password in 
the browser UI but someone could circumvent the master password by using sqlite on 
the command line to look at the password store directly?
Comment 26 Deleted
Hey abarth@chromium.org,

what a useless question are u asking!!!! security means, secure as far as possible, 
what is the use of dummy master password, if that is viewable by using simple third 
party utility? I bet u are not from chromium team!... I mean u can't be!..I mean come 
on why would u ask such a stupid question?
No abarth@chromium.org, we need a master password system like the one available in 
Firefox.
It seems the master password in Firefox can also be circumvented using a command line 
utility:

http://www.security-hacks.com/2007/05/16/firemaster-recover-firefox-master-password

For more context about this issue, see:

http://code.google.com/p/chromium/issues/detail?id=53#c13
Labels: Mstone-X DesignDocNeeded
Status: Available
Abarth, from my understanding - the firefox utility you reference *does not*
circumvent the Firefox master password, it is simply a brute-force guesser no
different than any other dictionary/hash guessing tool like JTR or LC but targeted
for Firefox's encrypted store.  There is no reference to any particular weakness in
the symmetric encryption technique used by firefox nor any shortcut to
retrieve/regenerate the master password.

But to answer your straw-man anyway, no, I would not consider this issue addressed if
there was a master password in the browser UI but someone could circumvent the master
password by using sqlite on the command line to look at the password store directly.

This is an issue and a security risk.  Someone walking away from their computer
without locking it should not consequently put at risk every single account/password
they have saved in chrome; this turns a small security risk into an extremely large one. 



> This is an issue and a security risk.  Someone walking
> away from their computer without locking it should not
> consequently put at risk every single account/password
> they have saved in chrome; this turns a small security
> risk into an extremely large one. 

Someone who walks up to your unlocked computer can just install a rootkit+keylogger.  
There is nothing the browser can do to protect you from someone with physical access 
to your machine.

Comment 33 by Deleted ...@, Dec 11 2008
I used Firefox also to store my passwords site related straightforward, so this is a 
very important feature. 
In Firefox you can also type in the webpage and get the related password.
BUT PLEASE ONLY WITH MASTER PASSWORD;
Maybe not the safest but it's the FIRST BARRIER!!!!!! 


Comment 34 by Deleted ...@, Dec 15 2008
I uninstalled Chrome several months ago because of the lack of a Master Password. Imagine
my disappointment when I downloaded the recent "Gold" version and found that the
Master password STILL has not been implemented. I'm going to uninstall it again.

Another dealbreaker is the lack of an Ad Blocker. I'm so spoiled by Firefox's Ad
Blocker Plus extension, that I was horrified at all the annoying ads on my fav
sites when I viewed them in Chrome.
Comment 35 by Deleted ...@, Dec 17 2008
This can be assigned as a security issue for one reason. On office networks, usually 
the WinXP administrator password is something like 'admin' or 'admin123', or even 
'companyname'.

In this scenario, for a small cracker in the company, it's easy to mount the default 
\\computer\C$ share specifying the user COMPUTER\administrator and the default well 
known password.

Mounting the C$ share it's possible to surf to all Application Data and Default 
Settings in Documents and Settings. It's even possible to copy the files that Chrome 
stores in that folder and copy to the cracker machine, and execute Chrome with the 
settings and the passwords of the victim. A master password wouldn't be able to 
prevent this "steal", but would at least not show the passwords.

The master password needs to prevent also from putting it in a web page, cause it's 
very easy to configure the hosts file to point mail.google.com to localhost, making a 
small php page that reads username and password and shows after the submit.

To add my own tuppence, and possibly sway the course of the discussion:

By analogy: If I install a lock on my business's front door, I do so in expectation that the lock won't 
be circumvented except by the determined lawbreaker. Likewise, if I install a lock on my storeroom door, 
I do so in expectation that those who already have access to my business's premises will not circumvent 
the lock, -despite- the fact that I have already implicitly denied access to an attacker by way of the 
front door lock. If someone takes a "bump key" or a lockpick gun to my locks, there's little I could have 
reasonably done to protect against the breach (other than getting stronger locks), but that wasn't the 
original intent of installing the second lock.

There's an old adage: locks keep honest people honest. If I've already granted (or been forced to grant) 
someone access to my business (or my computer), the intent of the lock on my storeroom door (or password 
safe) isn't to rebuff an attack, it's to keep random passersby from poking around my storeroom without my 
knowledge and lifting something that isn't theirs. As such, the intent isn't to make the storeroom -
secure- so much as keeping it -private-. 

I'd suggest that this isn't so much a security issue as it is a trust issue. You may trust someone to 
have access to your computer without trusting them with your passwords, but this doesn't automatically 
mean that person is an attacker. Granted, the potential is there, but in most instances where I'm going 
to be trusting someone with access to my computer, I'm not necessarily going to want to give them 
unfettered access to my passwords as well. As an example, what percentage of the Chrome-using population 
is going to need to take their computer into Best Buy or Circuit City (or Future Shop or whatnot) and 
have someone fix it? What percentage of the technicians fixing those computers are going to take the time 
to brute-force a password on company time? How many passwords would be protected from prying eyes just by 
implementing a "privacy screen" over the password store?

I should add that I didn't use a Master Password in Firefox until I checked the password list there and 
noted how easy it is to view passwords in plaintext. The simplicity of the process whereby someone can do 
likewise in Chrome makes it easy to stumble across someone's login information, possibly without even 
intending to. What users like me are asking for isn't a fire safe. It's a diary lock: easy to break, but 
keeps your little brother from reading your innermost thoughts.

Comments are welcome; I'm interested to see the other side of this particular coin.
Comment 37 by dabre...@gmail.com, Dec 18 2008
you couldn't have expressed the issue in a better way amandel.seril
Could we just have a master password unlock based on a Google Account ?
(at least if the master password on computer A is compromised, it would be easy to 
block access to the other pwds)
Issue 6185 has been merged into this issue.
Comment 40 by Deleted ...@, Jan 26 2009
Master password option is missing so priority should be given to it. So please, anyone, 
say whether I was wrong.
Comment 41 by prog...@gmail.com, Jan 26 2009
ow i have a better idea
make this issue read-only just like the addon-system issue :)
Comment 42 Deleted
Comment 43 by Deleted ...@, Feb 5 2009
I suggest there should be login & logout system for the master password. And also an 
option that whether or not it is logged out when a chrome session is over. It should 
be that we manually logout if we are going to handover our pc to a colleague.
Putting comment #36 into a more technical view: Nobody should be able to see my
stored passwords unless they either know my master password (not stored anywhere on
the disc, not even encrypted), or they are installing specific malware on my computer
(which demands a certain amount of both knowledge and criminal energy, and which of
course includes the risk of being caught in the act).

Implementation suggestion: 

- introduce a check box called 'Use Master Password' in the settings.
- if the check box is off, do everything the same way like now.
- if the check box is checked, do the following:

* let the user type in a master password. Do not store it anywhere on the disk.
* use a symmetric encryption algorithm to encrypt all passwords using this master
password.
* store the encrypted passwords in exactly the same way as you are currently storing
the unencrypted passwords, i.e. use the Windows encryption on the already-encrypted
passwords.
* during subsequent sessions, the first time Chrome needs to access a stored
password, the user is prompted for the master password (which is then kept in main
memory, accessible by malware, but malware can ultimately access everything anyway).
* on every user interaction which would show a password as clear text to the user,
the user will be required to re-enter his master password.

Please consider adding this (or something similar in the spirit of comment #36) as
soon as possible. I personally do not know anybody who is currently using Chrome, but
to 100% of my colleagues and friends who were basically interested, this issue was
/the/ show-stopper. Myself, I'm yet another 'Unhappy Firefox User Until This Issue Is
Resolved'. :)
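
Added example (not part of the original thread and not Chromium code): the scheme outlined in the implementation suggestion above, written for Node.js, with a key derived from the master password, only salt and ciphertext persisted, one unlock per session for auto-fill, and a fresh master-password check before any clear-text display. scrypt, AES-128-GCM, the `PasswordStore` class and the sample data are choices made for this example; the Windows-encryption layer from the suggestion is left out.

```javascript
// Added illustration, not Chromium code; every name below is hypothetical.
const crypto = require('crypto');

// Stretch the master password into a 16-byte AES-128 key; only the salt is
// stored. scrypt costs are Node's defaults, spelled out; tune for real hardware.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 16, { N: 16384, r: 8, p: 1 });
}

// Encrypt one saved password with AES-128-GCM. The origin is bound as
// associated data, so a record relabelled for another site fails to decrypt.
function sealEntry(key, origin, password) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-128-gcm', key, iv);
  cipher.setAAD(Buffer.from(origin, 'utf8'));
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { origin, iv: b64(iv), ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

// Decrypt a record; null means a wrong key or altered data.
function openEntry(key, entry) {
  const raw = (s) => Buffer.from(s, 'base64');
  try {
    const d = crypto.createDecipheriv('aes-128-gcm', key, raw(entry.iv));
    d.setAAD(Buffer.from(entry.origin, 'utf8'));
    d.setAuthTag(raw(entry.tag));
    return Buffer.concat([d.update(raw(entry.ct)), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

class PasswordStore {
  constructor(disk) {
    this.disk = disk;       // everything that gets persisted
    this.sessionKey = null; // memory only, set by unlock()
  }

  // Setting a master password: new salt plus a sentinel record for later checks.
  static create(masterPassword) {
    const salt = crypto.randomBytes(16);
    const key = deriveKey(masterPassword, salt);
    const check = sealEntry(key, 'vault-check', 'ok');
    const store = new PasswordStore({ salt: salt.toString('base64'), check, entries: [] });
    store.sessionKey = key;
    return store;
  }

  // Returns the derived key if the typed password opens the sentinel, else null.
  verify(masterPassword) {
    const key = deriveKey(masterPassword, Buffer.from(this.disk.salt, 'base64'));
    return openEntry(key, this.disk.check) === 'ok' ? key : null;
  }

  // First access in a session: prompt once, then keep the key in memory.
  unlock(masterPassword) {
    this.sessionKey = this.verify(masterPassword);
    return this.sessionKey !== null;
  }

  save(origin, password) {
    if (!this.sessionKey) throw new Error('store is locked');
    this.disk.entries.push(sealEntry(this.sessionKey, origin, password));
  }

  // Form filling uses the session key and does not prompt again.
  autofill(origin) {
    const entry = this.disk.entries.find((e) => e.origin === origin);
    return entry && this.sessionKey ? openEntry(this.sessionKey, entry) : null;
  }

  // Clear-text display demands the master password again, even when unlocked.
  reveal(origin, masterPassword) {
    const key = this.verify(masterPassword);
    const entry = this.disk.entries.find((e) => e.origin === origin);
    return key && entry ? openEntry(key, entry) : null;
  }
}

// Constructed sample data, run through two browser sessions.
function demo() {
  const master = 'correct horse battery staple';
  const site = 'https://mail.example';
  const first = PasswordStore.create(master);
  first.save(site, 'constructed-sample-pw');
  const onDisk = JSON.stringify(first.disk);
  const next = new PasswordStore(JSON.parse(onDisk)); // a later session
  return {
    onDisk,
    lockedFill: next.autofill(site),
    wrongUnlock: next.unlock('guess'),
    rightUnlock: next.unlock(master),
    fill: next.autofill(site),
    revealWrong: next.reveal(site, 'guess'),
    revealRight: next.reveal(site, master),
  };
}
```

A copy of the persisted blob can still be attacked by guessing master passwords offline, the brute-force case described for the Firefox utility earlier in the thread; the scrypt cost only slows each guess.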

Wolfgang: You seem to have a strong technical grasp of this issue.  The next step in 
moving this bug forward is to create a design doc (hence the DesignDocNeeded label).  
You can find examples of design docs for other features at http://dev.chromium.org/developers/design-documents.  Once we have a design doc, we 
can review the doc, provide constructive feedback, and break the feature up into 
smaller chunks that can be implemented.
I will start a design doc, which will contain some gaps in areas in which I'm not
sufficiently expert. The doc will be published here, with experts being invited to
fill the gaps. Allow me some time for this, though - I'm not currently a Chrome User
and have to do some research. As I'm told, this issue isn't going to make it into
Chrome 2.0 anyway, so I hope the delay of the doc won't cause too much of a problem.

The first version of the design doc is finished and can be viewed here:

http://docs.google.com/Doc?id=dhn2skdg_1fwvbb3cb

@abarth: please organize some people to fill the gaps in the chapters 3 and 5, and
possibly some graphical designer who will replace the chapter 4 sketches by nice
screenshots. Please tell me via email who was appointed by you, so that I can grant
them write access to the document.

Thanks.  I'll take a look at the doc.  I can't really "appoint" people to help out 
with this feature.  If you want this to happen, you're going to have to drive the 
process.  I'll provide some more technical feedback once I review the draft.
Issue 8896 has been merged into this issue.
I don't know about everyone else but since I started University my
"personal" computer lost its personal. I have friends staying over,
teammates coming for meetings and I think it is a little too paranoid to
set a password-protected screen saver while I go to the bathroom so I think a
master password you have to type before clicking "Show my passwords"
should work great. I don't think it is so hard to implement, it improves
security and people that don't need one can just take it out
somewhere in options. What do you think?


Benjamín Betanzos
IT student at ITESM, México.
Yeah, same here.
Even though I'm a home user I prefer ideas like a master password, or different password-protected user logins, because my sister is an MBA student and she uses Chrome 
mostly for study purposes. I, on the other hand, am entirely the opposite. So it is good to have different user logins so that she can manage her own bookmarks, cookies, history etc.
with ease, and me with mine.
Comment 52 by Deleted ...@, Mar 26 2009
We the hairy masses obviously want a master password. So, what is happening about it?
Can we expect this feature in the next release? Does anyone know of its status on 
being included? IS THERE ANYBODY LISTENING?
I recently went through the design doc and I would like to add some screen shots to the master password set, 
change and remove process. Who do I ask for permission to modify this document?
@DarkHeath: since abarth has not yet assigned anybody for any of the open points, you
can ask me. Please use email: my username @gmail.com.

Hi Wolfgang.  Sorry I haven't reviewed the design doc yet.  I'll get to it soon.
Comment 56 by sebbe...@gmail.com, Mar 27 2009
In fact, going even further, I'd love to see chrome asking for my Google Account 
credentials before allowing access to any saved password. (so that even relatives 
couldnt use them). I think it would be even more flexible than a standalone 
masterpassword.

In fact I think that idea is quite good, that way the master password would be stored 
somewhere outside the computer increasing the security and would give lots of space for 
browsing customization between users like browser color, tabs color, home page, startup 
configuration, etc.
I read in topic http://groups.google.com/group/chromium-discuss/browse_thread/thread/f72e54c1b3a95f55?hl=en
about being able to manage your saved form data and it made me think that one of the 
customization things I was talking about in my previous comment could also be 
different saved forms for different users. What do you think?
Comment 59 by too...@gmail.com, Mar 28 2009
A bit of history.  I have tried Chrome numerous times and liked it every time other 
than all of my passwords are plain text.  This drives me back to Firefox.  Just 
installed the last dev version...same problem.  Very disappointing.

Just read the design doc and it seems pretty thorough (with the exceptions noted in 
the doc of course).  

One thing I would add is the ability to specify whether the 'entered master password' 
is good for the session, or for a certain time.  If the user sets the timeout to be 
say 60 minutes, then after 60 minutes of not accessing the encrypted password 
database, the master password is deactivated and a subsequent access prompts for a 
password again.  I would also add another option of 'every time' so that if it is 
going to autofill a password that is in the encrypted database, it prompts for the 
master password.

Basically implementing exactly what Firefox has would be the ideal as that feature 
has received a lot of attention over the years and is pretty robust and functional 
now.

I am willing to put in effort to help move this feature implementation forward so if 
there is anything I can do please someone let me know (architecture, programming, or 
design).

Cheers
Comment 60 by too...@gmail.com, Mar 30 2009
A comment on #56.  

What about people that do not have Google Accounts?  I would not like to see this 
limited or tied in any way to forcing someone to get an account somewhere online.

A local password that handles a local encrypted database ala firefox is the way to do 
it imho.
Comment 61 by sebbe...@gmail.com, Mar 30 2009
What about a MasterPassword that could be local-only, OR sync'd with a Google Account.
Comment 62 by dabre...@gmail.com, Mar 30 2009
#60, "What about people that do not have Google Accounts?"

Are there really people that don't have a Google account these days? Especially people 
that are using a browser like Google Chrome.. integrating Google Accounts into Google 
Chrome sounds perfectly normal to me
Comment 63 by clive...@gmail.com, Mar 30 2009
I'm sure there are lots of people that agree that a web browser should function just 
as well offline as it does online. I for one would prefer my browser to be completely 
autonomous from any online service and I wouldn't be comfortable with my passwords 
being stored online anyway. I agree that a master password should definitely exist 
but it should work regardless of whether an online account exists or can be verified 
at a given time. Online synchronisation is what plugins are for. I'm sure someone 
will come up with something that can do something similar in the future but that's 
not something that should be forced upon users.

On a side note, all Google Chrome functions should be fully available to anyone, 
regardless of whether they have a Google account or not. Some people prefer not to 
sign up to every single online service that exists and they shouldn't be forced to. I 
believe that Google Chrome would lose some support if it forced this.
Comment 64 by too...@gmail.com, Mar 30 2009
Is any movement happening now that a design document is out?  What is being waited
for on this issue?  Someone to take it?

Commenting comment #64: Yes, work is currently being done. DarkHearth has obtained
permission to modify the design doc so that he can add screenshots, and abarth is in
the process of reviewing it in order to determine next steps.

As for the idea of using a Google account password as a master password, I'm with
clive386 (comment #63). Maybe a feature like that can be added in the future, but it
would raise lots of additional issues, among them severe security issues. Doing the
local master password - which is needed anyway - really is difficult enough for now.
Let's get this done and care about online extensions later. :)

Well, I wasn't trying to force the google account as a master password, just an extra 
feature you know? A simple check box 'Use Google Account' while setting a master 
password would suffice to me and I really don't see that much of a problem on 
programing it.

About the document, university is keeping me busy but expect the screenshots in the 
document by this time next week. =)
Comment 67 by too...@gmail.com, Mar 30 2009
Does the chromium runtime already have a database system in place that can be
leveraged?  I would assume so since I saw some signs of it in my SVN sync.

Just curious
Comment 68 by sebbe...@gmail.com, Mar 30 2009
I'm all agree with comment 66.
comment 67> database system ? Like Gears maybe?
Issue 9741 has been merged into this issue.
Comment 70 by stpa...@gmail.com, Apr 15 2009
There should be an easy way to end your "master password session" without actually 
closing the browser. 

Consider the following scenario: you opened the browser, entered your master password 
and started your happy browsing. At some point when you have multiple tabs opened and 
you really don't want to close them, your friend or a family member asks to borrow 
your computer for a minute to check email for example. Ideally, in such situation 
you'd just want to press one button somewhere so that master password is not 
considered entered anymore, and then you can share your computer without all the 
confusion caused by (for example) the browser automatically logging into your mail 
account. 
@stpasha: I agree, so I just added this feature to the design doc (see new final
paragraph of the section 'Setting the master password').
@wolfgang: Notes on the design doc:

1) AES-128 should be sufficient.

2) I don't think we should worry about a password strength indicator.

3) I'm not sure whether we should use inline entry of passwords in the option dialog 
or use another dialog.  Why did you choose this design?

4) Using the infobar to enter the master password is a bit sketchy.  The infobar is 
drawn in a location that can be spoofed by web content.  We certainly don't want the 
user giving their master password to a web site.  Can you think of a more secure UI 
for entering the master password?

5) The discussion about the Web inspector is bogus.  You can read the value of the 
password field by typing JavaScript URLs into the address bar.

6) I couldn't find the section in "User Interface Design" that explains how the 
master password interacts with actually filling the password into Web pages.

This is a great start.  Thanks for writing this design document.
Issue 11050 has been merged into this issue.
Comment 74 by Deleted ...@, May 1 2009
What about a checkbox to prompt for master password when user tries to install an 
Extension?  I'd like such a feature to prevent others from installing Extensions in 
my Chrome browser.  But have it be an option for those users who don't wanna be 
prompted every time they install an Extension.  Of course if the option is set, then 
unsetting it should require entry of the master password.  

I suppose a similar feature could be applied for changes to any Option or Bookmark.  
For example, maybe I don't want my son to get on and add a bunch of Bookmarks to my 
browser.  Or I don't want him messing with my Options.

Anyway, just a thought.  The design doc looks good as it is and I'd rather you focus 
on getting that working before adding too much feature bloat.

Thanks for the hard work on this guys.  I just tried Chrome today for the first time 
and LOVE the speed and look.  My biggest obstacle to switching to Chrome from FF3 is 
the lack of Master Password.  Implementing the design as it is documented today would 
win me over.

@abarth, comment #72:

1) AES-128 should be sufficient today, but I'm not sure about the near future. Have
you consulted this with encryption experts (I am no such expert)? Have you consulted
with your lawyers whether AES-128 would cause any legal trouble when exporting?

2) I would like to keep the password strength indicator. It's simply good style to
have one. There are way too many people out there who have no idea about insecure
passwords. As I see it, omitting the indicator would be a little bit like omitting
the online help.

3) and 4) The design was chosen this way to make sure that nothing 'gets into the
way'. I understand that this is a major feature of the Chrome UI. But of course, I
have no real knowledge about Chrome UI design dogmas, so please feel free to change
this in whichever way seems desirable to the Chrome team.

Spoofing certainly is a valid security issue (the Firefox solution is also affected
by this). But any fully safe solution would have to operate within a space already
used by Chrome's own UI. I don't know whether the Chrome team would be willing to
sacrifice any such space, even temporarily. Also, I think that the spoofing danger is
not too high because the user generally knows when the master password should be
entered. Anyway, I cannot decide this. Please consult with the Chrome UI project
management whether there is any space which they would be willing to sacrifice for this.

5) I disagree. Any person with technical knowledge can of course do whatever he wants
as soon as they have access to your computer. The master password cannot protect the
user from such sort of action anyway. But as it is now, your friend sitting in front
of your computer can accidentally run into your passwords without intending to, just by
trying some of those cool Chrome menus. I still believe that this is a major security
flaw which should be fixed. Not necessarily by means of the master password, but it
really should be fixed.

6) This information is not part of the section 'User Interface Design', but part of
the section 'Auto-filling Forms'. There's nothing fancy about it: if a valid master
password has been entered in the 'rolldown line', Chrome behaves in exactly the same
way like today. As long as this has not happened, Chrome will not auto-fill any
passwords. End of story. :)

@slvjerome, comment #74: I understand your concern, but I would not like to use the
master password for this sort of protection. If your friend who's using your computer
is installing anything you don't like, you have a problem anyway. He could even
install applications, including viruses. If you let other people use your computer,
you should assume that they are not malevolent and know at least a little bit what
they're doing. But even such people should not accidentally get access to web
applications which usually require your personal login, and they should not be able
to see your stored passwords just by clicking around. This is what the master
password is for.

Comment 76 Deleted
Comment 77 Deleted
I'd like to see Chrome as some kind of browser-OS. I.e: when I open Chrome, it should
ask for a 'User' and a master password and then load all my add-ons (when
implemented), my selected theme, passwords, bookmarks, etc. This feature would be
very useful when multiple users use the same OS and thus the same browser (most of
the times), which is pretty common.
Comment 79 by rcdai...@gmail.com, May 31 2009
@gabriel

Chrome need not reinvent the wheel. Operating systems already have a "home" directory 
for every user, so once you log into the OS itself, you've basically done all that is 
necessary to access your specific profile data for the browser. For example, if user 
Jen wants to browse the web, she logs into the OS using her username/password and then 
starts Chrome, which will then access data in her home directory and retrieve her 
saved passwords, bookmarks, and other personal information.
I definitely +1 on Gabriel's idea, Chrome doesn't need to reinvent the wheel, but if
it was a great cloud-computing tool that'd be even better.
Having a profile on one computer (and all the data: bookmarks, theme etc) is the old
way to think, what if the computer crashes? Or you need to have your session just from
a cybercafe?
That's where Chrome should help, having 2-way sync with any online service should be
something available (would it be Google Bookmarks, or Delicious or whatever), cloud
computing simplifies things on the backup/ease of access for users, I can't see why the
browser should be an exception. 
@sebbe

What about people with no internet access, or limited internet access? Also consider 
bandwidth, there's still a large percentage of people on dialup or high-latency 
connections such as satellite.

I don't think that the OS's way of maintaining accounts and users is necessarily "the 
old way". I think it's a consistent and central approach that has been proven to work 
on multiple operating systems. The way you're talking about doing it would require me 
to maintain login information for multiple applications, including the OS and the 
browser.

A central login is the most convenient solution. I don't like the idea of turning my 
OS into a series of websites that each require a login. That's just silly.
This doesn't have to be mandatory of course, and for latency, remember there's Gears 
which handles this pretty well.
How consistent is it for someone that has, say, different versions of Windows (XP vs Vista 
vs 7... not to mention the non-Windows)?
SSO is great, but introduces higher requirements too (even on the user side, as for 
password complexity... but that's a different story)
You're getting into portability issues now, which is something the internet alone isn't 
going to fix. Not all applications and configurations are available between all 
platforms and architectures, and thus you cannot possibly make all "user data" 
available online, since some of it would be practically useless on other platforms.
Of course, I was not talking about "all apps", just about chromium and gears
Issue 4858 has been merged into this issue.
Comment 86 Deleted
Comment 87 Deleted
Comment 88 by dhw@chromium.org, Jun 20 2009
Issue 53 has been merged into this issue.
Comment 89 by Deleted ...@, Jul 13 2009
I couldn't use Chrome on my netbook even if I want it to use so much because there is
not any master password and I don't want to use third party applications to store my
passwords if there is a browser with this feature. 

I believe that is easy to implement into Chrome but I couldn't understand it is dev.
version 3.0.193.0 (20299) but there is not anything about master password.

Is this a security issue? Not a major one but yes this is a security issue so we need
chrome team to fix this issue as soon as possible.
Comment 90 by sebbe...@gmail.com, Jul 13 2009
What about an OpenID account for the MasterPassword?
Comment 91 by Deleted ...@, Jul 15 2009
Chrome needs a master password before I switch from FF.
Add label: Assigned or Remove Owner.
Remove label: Cc: abarth@chromium.org (if you assign to yourself).
I'm not actively working on this at this time.
Indeed, this is not a security problem but a trust problem so let's think about a 
solution, which doesn't overload the capacity of the main users!

But for some reasons improvements are really needed.

For example, if you want to use chromium portable on different versions of OS, the 
passwords are not shown on both systems. This is very annoying and there has to be at 
least an optional way to access the passwords from outside your default OS. To access 
it (viewed from current security restriction) it would be enough to be asked for one 
arbitrary password of one of your websites to "identify" yourself as entitled.

We don't need a master password, but a fast access to the passwords from different 
OS-versions. The security model of firefox has an important error. It should never be 
possible to access to passwords without any permission. So actually it would be 
enough to create a system to authenticate from outside your account.

[...]
Issue 20058 has been merged into this issue.
Status: Assigned
That bug should not be restricted view but that means we need to remove the Security 
flag. :( I assume it's not a big deal?
Not the security flag, but rather the RestrictView-SecurityTeam flag. For some reason 
that's not showing up in the labels, I might need to re-add it and then delete it. 
Sigh.

(We did a batch update to apply the label, it was not specifically intended to make 
this issue restricted.)
Labels: Restrict-View-SecurityTeam
Labels: -Restrict-View-SecurityTeam
I can't get the label to come off... comment 100 shows it being removed and yet it 
still shows up in the labels on the left :(
Comment 102 by Deleted ...@, Oct 7 2009
Interesting.. more than a year has passed since the issue has been raised and not much 
has been done so far...
Shouldn't Chrome at least stop storing passwords altogether until a master password 
facility is available?
Status: Available
Mergedinto: 812
Status: Duplicate
I'm sorry this bug has stayed open so long when we had UI team consensus on it a year 
ago.

We don't intend to add a Master Password per se.  There are a number of reasons why 
not, but they boil down to UI complexity and the fact that a master password really 
doesn't measurably increase your security -- given our use of Windows' built-in 
crypto routines, the sorts of situations in which it makes any difference are ones 
where an attacker has the ability to access your local machine as you while you 
aren't around, in which case it's trivially easy to do things like install 
keyloggers.  A master password makes users feel more secure when in reality they 
aren't.

However, we still may implement something like bug 812 someday, where it's possible 
to run Chrome in a mode where you "log in" to the browser on startup.  This addresses 
the one use case for master passwords that is somewhat legitimate: that of preventing 
"casual snooping", where an acquaintance decides to peer at your passwords on the 
spur of the moment.

Therefore, I am duping against bug 812, as that's the proposed way to address this 
use case.
Assume issue 812 was implemented. Say I'm logged into my Chrome, walk out of the room, 
and an acquaintance decides to open my Options and clicks the "Show saved passwords" 
button. This is a case when the single sign-on provides less security than a master 
password. I think the user should still need to enter a master password upon selecting 
the "Show saved passwords" button, else anyone who has access to an already-logged-in 
Chrome could view all saved passwords.
Totally agree. With master password, I have some protection from indiscretion of
anyone that can come in contact with my computer.
Should I go on-line to my favorite site to buy stuff using Chrome? NO, because if I
save any form, it can be accessed by anyone 100% be it 5 year old child who knows how
to use the mouse, up to the most vicious hacker.
@GraemeErickson and others:
https://help.ubuntu.com/7.04/keeping-safe/C/lock-screen.html

I totally agree with Peter, a master password doesn't buy you any security. Your master 
password is your windows/mac/linux session password.
@105/106: It's reasonable to suggest that a profile which required a login would also 
require a second login to show the saved passwords.  That's not something that bug 
812 makes impossible.

Note that like I said above, in the general case someone with physical access to your 
machine can do all sorts of things.  Besides installing keyloggers or grabbing the 
passwords directly, such a person could order items as you or change your password on 
various websites to something of their choosing -- even if the above paragraph is 
implemented.  The lesson is that if you really don't trust people with physical 
access to your machine, master passwords don't help; and if you're concerned about 
merely "casual snoopers", then you should lock your desktop (it's two keys!) or close 
Chrome (assuming issue 812) when walking away, at which point the user has to log in.

We're not going to try and help an edge case for users too lazy to hit Win-L.
My interest in the master password comes from the fact that firefox doesn't encrypt
the passwords on disk unless a master password is set (which means, without a master
password, someone who has access to the physical drive can easily extract them, so
locking the windows session will not help). If chrome is already encrypting the
passwords on the disk using the native OS crypto routines, then the additional
security added by master password is some "privacy". At work, I never walk away from
my PC without locking it first, but at home, I share the PC with multiple family
members, so it is not always possible to lock or even enforce a separate login per
family member. Master password definitely helps, but it doesn't seem as important as
it is on firefox.
I understand the general sentiment that even with a master password, if you can use 
the machine as a particular user their passwords are effectively readable.

The reason that I use a master password in Firefox and haven't stored passwords in 
chrome is that by writing it to the disk in plain text, the attack surface is 
increased and the threat model has to be updated.  Once the passwords are in plain 
text on the disk, one has to additionally worry about properly decommissioning the 
disk, stolen laptops, and file system bugs that expose data of one user to another.  
While a master password doesn't provide the security that some users think it does, 
it does reduce the threat model.
Nobody on the dev team has ever let their friends use their computer for 'just a sec to check my email?'.  It's so 
insecure in chrome that they could find all of your passwords in 5 seconds of what looks like innocuous clicking.
@109/110: As I alluded to, we use the Windows crypto routines to encrypt your passwords 
on disk.  Someone who takes your physical drive has to log in as you or crack that 
encryption.  We don't write passwords in plain text.

@111: I can't speak for the other developers but I don't generally hand my machine to 
somebody I couldn't trust with my data, and then walk away.
Seems some developers  have a personal relation with their computers that no one can
touch and see. Anyway, till master password is implemented, I personally will not
consider Chrome as a valid alternative to Firefox.
@pkasting, could you elaborate on what the "UI complexity" problem is? I don't disagree that a master password 
doesn't greatly improve security, but even if it improves it a little isn't that worth it?

I like the "master password" scheme because I only have to type it in the first time I need access to a stored 
login. It also re-locks if I don't use it after several minutes. Maybe I'm misunderstanding it, but the proposed 
feature in issue 812 sounds like I'm going to have to log in whenever I open my browser (which seems annoying) 
and then my passwords are accessible (though not necessarily readable) until the end of my browsing session.
I would like to describe an actual use case: I have iTunes on my machine and remote 
speakers. I sometimes play music for the whole family to hear. When I leave the 
computer to go do something else, my spouse may want to change the music. Given that 
she has a BlackBerry and not an iPhone, she has only one way to do so: have physical 
access to my iTunes, and therefore my computer's account. This sort of thing happens 
all the time. It's not that I am too lazy to hit Win-L, it is that if I do, I get 
called a paranoid spouse. And if my passwords are "snooped" at, I will have no 
knowledge of this, whereas keyloggers installed, I will.

+1 for a "profile" or whatever you want to call it password, that is asked again 
before displaying the saved passwords. Or even simpler: do not display passwords at 
all, and leave this feature to other, specialized "password-saving" applications. 
Hello.... Was this Pri-2 issue just closed into a Pri-3 one? Hello...??
Does chrome use DAPI to protect passwords written to disk? See:
http://msdn.microsoft.com/en-us/library/ms995355.aspx
Typo... I meant, DPAPI.
Suggestion for the UI: what about asking to set a master password the first time you 
open stored passwords if a master password is missing? It should be a dialog in a 
pop-up like this: a master password is not yet set, do you want to set one? Only two 
fields are necessary: insert password, confirm password. And an option below: never 
show this dialog in the future (if the user does not intend to set a master 
password). Not a particular UI complication. Next time he wants to look at stored 
passwords he just has to insert the password he had set. If a user forgot his password 
he can clear from the clearing browser data all the passwords stored and the master 
password goes away. 

The point is that most of the people that might look on our machine 
for stored passwords are not necessarily hackers that could break a master 
password, so it is not true that this is worthless. And the fact that you have to log in 
every time you open your browser to make your passwords safe (according to the plan of 
merging it into 812) is definitely too annoying.

I believe that resolving this issue within the context of issue 812 is possible.
However, it introduces new requirements to issue 812 which haven't been discussed
there so far. In addition, issue 812 seems to be rather low-priority both to users
and to the Chromium team, and solving issue 812 needs much more work than solving
issue 1397. Hence, please forgive me if I'm sort of pessimistic about seeing any real
solution that way in the foreseeable future...

Also, I must say that I'm a bit unhappy that you made me write a full spec on how to
resolve this issue in March (comment 47) if you had decided already half a year
earlier that you won't fix it anyway. :(  Please don't do that again.

As for the discussion about the security impacts of issue 1397, I think everything
has been said already; there were not many new ideas after Comment 36. Depending on
the way people use their computer, not everyone will share the concerns expressed
here. However, those concerns are extremely valid for quite a lot of users out there
in the real world. It is the Chromium team's decision on whether or not to offer
those people an alternative to Firefox. It's ok if the decision is a 'no', but in
that case please say it clearly. And if the decision is a 'yes', please put an
ambitious target date on issue 812.

About the plain-text passwords on disk: AFAIK, passwords aren't currently encrypted
on Linux (or MacOS). The encryptor functions are just placeholders:
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/encryptor_linux.cc?view=markup

If this issue is merged into issue 812, should a separate issue be created for "be able 
to legitimately migrate Chrome with its saved passwords to another machine" if I need 
that functionality?
Can I just add my two cents by saying, in real life, I will often lend my laptop to 
friends who "just need to check email". I am not bothered about encryption, just my 
friends having access to all of my saved passwords which I cannot remember.

This is the only reason why I have google chrome on my desktop and firefox on my 
laptop. And there are probably many users just like me!

It is nothing to do with "hackers" or "malicious" access, it is to do with REAL LIFE 
security. See the design document.

Regards
"We're not going to try and help an edge case for users too lazy to hit Win-L."

Nice way to condescend to your users. As I stated previously, my employer has my
Windows password, so Win-L does exactly _nothing_ to help me here. Firefox will
continue to be my primary browser as long as I can't trust Chrome.
My point is: if a lot of users want a function like that, why don't you want to make 
them happy? Even if you don't think this increases the security for users, if they feel 
more secure with a master pass why not give it to them? If your point is to increase the 
market share of Chrome and a lot of users don't trust it because they FEEL less secure 
about this thing of password manager, why not satisfy them? Even if you don't really 
think this is needed maybe you should listen to users' opinion, because if they don't 
feel secure they can't use this browser even if it is the best one (and that is what I 
think). Users' opinion seems pretty clear on this point.
Here's a couple of scenarios which, IMHO, make a master password useful.

Say an acquaintance asks to quickly use your pc to check his/her email. I can be
reasonably certain (s)he won't go through the trouble of installing a keylogger (if
just for the risk of getting caught/me detecting it).

However, clicking on "shows passwords" isn't hard, and the risk of detection is very low.

Another scenario:

As a consultant, people regularly use my laptop to check out a software bug, etc.
Doing a "view passwords" when I'm not paying attention for a second/on the
phone/whatever isn't hard. It's politically incorrect for me to kick a customer off
of my laptop when I need to take a short phone call.

Your argument would be that they could install a keylogger while I'm taking that
short phone call. However, doing this is harder - i.e. it raises the bar - and,
again, I can detect it - which is why most people won't do it. It's even probable my
anti-virus detects it and logs it, meaning I'd have actual anti-virus logs of it
happening, and therefore I wouldn't type in a password or anything of value until
it's gone.

All this isn't true for "view passwords".

A master password raises the bar, which is what security is about. Most of the time,
100% security is impossible - it's just about making it hard enough, about raising
the bar, so it would cost "them" too much to make the effort.
I have added more comments to issue 812 which hopefully detail how it can be used to 
provide the equivalent to "master password" support, since clearly it has not been 
obvious what the ramifications of that bug are.
Comment 128 by cpu@chromium.org, Oct 21 2009
We hear you.

We'll take another look at this. Please do not add comments that are effectively the 
same of one of the previous 127 comments. You can star the issue instead.

#122: I've just found that we already have a separate issue for migrating saved 
passwords: issue 9199 (should be renamed though).
Using the firefox master password I am able to migrate saved passwords between profiles 
(windows and linux), by copying the signons3.txt (now changed to signons.sqlite) and 
key3.db to the new profile. I could then access my saved passwords on the new machine 
or OS (using the same master password). This has proved to be very convenient. The only 
improvement I could want would be keeping the encrypted passwords on-line in my google 
account (only decrypted in the browser). In this way, newly added passwords / sites 
would be available to all my browser profiles on different machines / OS.
Issue 28648 has been merged into this issue.
Comment 132 by Deleted ...@, Dec 9 2009
Didn't find much use of chrome browser as I don't use windows. 

Now that it is available for linux I wish I could use it. 
But the silly stuff would not ask for a password before showing all stored passwords. 

A master password that doesn't depend on extensions and cloud is essential. 

Comment 133 by Deleted ...@, Dec 10 2009
I really think that if Chrome won't have a master password it will soon be swept off 
my PC, because that's really a huge security hole.
Labels: -Security
*Sigh*
I this topic is losing focus as a result of non-engineer anger and engineering tunnel 
vision.  There is a lot of talk about "enormous security holes" on one side and 
"sufficient crypto and no real security" on the other side.

Both sides overshoot the point - it's not about engineer type-algorithm/hacking 
security and it's not some monstrous security hole.

No one means to say that a master password is some kind of necessary, Hi-tech black-
hatter security feature.  It is just a simple barrier to the most ancient form of 
information theft - social engineering (google it ;).

Chrome stores your passwords for convenience and you can open up settings and see 
them all.  A master password prevents some not-really-tech-savvy person who you think 
you can trust from doing that.

Plain and simple, it is a feature that lots of people view as useful for preventing 
social engineering. These people think it should ship with the browser, but default 
to turned OFF.  Most people won't know the difference and chrome will be the same to 
them, nothing annoying, but those who recognize it as a useful barrier against social 
engineering will have the option to turn it on.

It's not a security hole, it's an additional barrier that your users would like as an 
option.
Please listen to us.

Typo: "I think* this.."
Apologies.
Comment 137 by Deleted ...@, Dec 10 2009
I consider it as a security hole because if your PC gets stolen and your user is 
already logged in, the thief could also access all the services you have saved a 
password for in Chromium, that's absolutely not good.
So in my opinion the lack of a master password is a security problem.
I perfectly know that j random hacker can break it, but I really hope that he could 
find more interesting things to do.
Talking technically I know it can't be considered as a security hole, but that's not 
the point: master password is a useful service, so why not implement it?
I don't know if it has been pointed out, but if someone steals your laptop, he or she 
doesn't need access to the password to log onto your PC. Just boot with recovery media 
and open the hard drive. From there, go to Google Chrome data directory and open up the 
password database and voila... At least, with a master password, he or she wouldn't be 
able to access the data/passwords. It seems obvious to me. Doesn't it?
OK, after reading http://www.switchonthecode.com/tutorials/how-google-chrome-stores-passwords, 
I might have been wrong on my assumption. The data stored on the sqlite 
database is indeed encrypted using the current user/computer access logged on the 
machine. So, technically, the only way to "steal" passwords is to have physical 
access to the machine while the person is logged on (drive-by).

Which is much better than what I thought.  Never mind what I said.
In the Linux version of Google Chrome (4.0.249.30) the PW is stored unencrypted in
the "Web Data" file, ~/.config/google-chrome/Default/Web Data

When Chrome comes with a Master Password I might change from FF to Chrome, but
certainly not before. 
Comment 141 by Deleted ...@, Dec 12 2009
Web Data is really an interesting file, talking technically of security, I'd say about 
0.

And there's no need of a master password?? -.-'
LOL
Comment 142 by kna...@gmail.com, Dec 12 2009
With extensions here, all you need is to get master password.
Then I will switch.
For all people who want master-password, please feel free to suggest it here http://www.google.com/support/chrome/bin/static.py?page=suggestions.cs&issue=107378&bucket=15652.
BR
Issue 30780 has been merged into this issue.
Comment 145 by dkar...@gmail.com, Dec 26 2009
The more I use Google Chrome, the more I feel that I need to go back to Firefox because 
of the lack of privacy with passwords. If you can't make it then at least disable the 
password saving feature. This is ridiculous.
Comment 146 by Deleted ...@, Jan 4 2010
Master password in Chrome is necessary !

Andy from Poland.
Comment 147 by jjg...@gmail.com, Jan 17 2010
This is definitely an important security feature.  There is no way that I'll save any 
of my passwords in Chromium until there is a master password and strong password 
encryption.
This is a joke...

Chromium communicates heavily about its secure design, but user passwords are stored 
unencrypted.

Worse, two years later, the "priority 2 (it seems to mean low...) security bug" is not 
yet addressed, and not scheduled for any future milestone...

Chrome does not store user passwords in plain text - they are stored encrypted. 
More information here:
http://www.switchonthecode.com/tutorials/how-google-chrome-stores-passwords
Still, the lack of a "Master Password" feature ( like that in Mozilla Firefox ) is 
preventing me using Chrome seriously.
Please add a master password feature.
Having given Chrome a try now I can only second the request for some sort of master 
password feature. This is the one thing I am really missing in Chrome right now.
Comment 151 by Deleted ...@, Jan 26 2010
Master password is important security feature!!!!!!!!!!!!!!!!!!!
Please? add it ASAP!!!!!

Why has this not been resolved?!?! Chrome is on version 4.0 and this is still not 
implemented? What a joke.

There is huge demand for this feature and all the replies from chrome devs are smartass 
comments. PLEASE JUST DO IT!

k thanks
The data is stored unencrypted on linux, version 5.0.307.0:

  shell> sqlite3 ~/.config/chromium/Default/Web\ Data
  sqlite> SELECT username_value, password_value FROM logins;
  calvin|hobbes
  ...

The encryption which seems to exist under Windows is very weak because the contents
are accessible without any protection when logged in.

Issue 33550 has been merged into this issue.
Comment 155 by gera...@gmail.com, Jan 29 2010
@davidwhthomas

"Any procedure used in cryptography to convert plaintext into ciphertext (encrypted 
message) in order to prevent any but the intended recipient from reading that data"
-- http://foldoc.org/encryption

"In cryptography, encryption is the process of transforming information (referred to 
as plaintext) using an algorithm (called cipher) to make it unreadable to anyone 
except those possessing special knowledge, usually referred to as a key"
-- http://en.wikipedia.org/wiki/Encryption

By both these definitions (and I doubt there would be many that disagree with 
either) what Chrome does is not encryption at all as it does not require any "special 
knowledge" to decrypt and it does not prevent decryption by people who are not the 
intended recipient.

What chrome does is disk obfuscation, not encryption. However even that is pointless 
as anybody can simply open Chrome and click a button to reveal your bank password.
What Chrome Developers didn't do, some other developers did. You all can find at least
two extensions which address this HUGE gap in Chrome: Roboform -
http://www.roboformchrome.com/topic/roboform-for-chrome-alpha-was-released and
LastPass - https://lastpass.com/misc_download.php?noscroll=1#windows
Comment 157 by dkar...@gmail.com, Jan 31 2010
Those two solutions (LastPass & Roboform) require you to store your passwords online. A  
move that will not be made by people with common sense. Those companies must comply 
with all authorities and hand them the information per request.
Don't risk yourselves. This is not the solution.

Chrome developers, what say you? who can we talk to about this issue that would 
actually listen?
Issue 34019 has been merged into this issue.
Issue 34213 has been merged into this issue.
I don't see why there should be so much fuss about this issue. Just implement the damn master password and 
those who want it can use it and those who don't care won't use it. 

It can't be that simple to view someone's stored passwords, just clicking a button! And it's at plain sight 
on Chrome's options!

We're not asking for much here (at least not me) Just a simple master password to make it a bit more 
difficult for person X using my PC to see all my stored passwords. Of course there are ways to circumvent 
this, just as there are ways to circumvent a lock on someone's door. That doesn't mean we shouldn't use 
locks!!

I just can't believe this issue hasn't been addressed yet.
Comment 161 by Deleted ...@, Feb 12 2010
OVER a year and this still isn't addressed. This shows me that Google has no intentions 
of adding this feature. I'm going back to Firefox and if Google kills the deal that 
gives Mozilla 85% of its revenue then it's back to IE for me.
Comment 162 by grin...@gmail.com, Feb 17 2010
Master password, proper encryption, cover every private data with master pw, and 
properly time it out after a given period, suggested as 5 minutes (user selectable) 
after the last successful password usage or master password entry. (As I said in issue 
53)
Comment 163 by Deleted ...@, Feb 17 2010
I gave Chrome its first chance over a year ago and quickly uninstalled due to lack of 
a master password feature. I gave it another chance today and again am uninstalling 
within 1 hour of install for the same reason.

Maybe Firefox owns a patent and Google is too cheap to pay the licensing fee. I see no 
other reason why they would blatantly neglect consumer demand for so long.

Back to Firefox.
Over a year now..no master password!!!! The only reason I keep Firefox is for its 
master password feature!
Wading through the comments again shows an interesting process here. 
Around comment 81 the requested design spec was provided. At comment 93 the developer 
leaves, and enters at comment 104 the guy who habitually closes master password bugs, 
and reasons that _windows_ (I don't know what that could be, the only windows I have 
provide light through the walls) have password whatever and it have some keys which 
do something and we're lazy to push that so the spec interests nobody, doesn't 
require any consideration, explanation of ignoring or so, and the bug is closed. He 
reasons that MP isn't secure because it only stays against physical access, so and 
so.

I try to be polite. 

1) It does not require physical access. Passwords are stored on the filesystem, 
unencrypted. It requires any access, remote, local, transcendental, whatever. You 
retrieve the file, read the password. 

2) The magic keypresses (session and root passwords for the ignorant ones) don't 
provide any protection against physical access, and educated people can enter the 
filesystem the same amount of time a live CD boots on a machine, period. Then get the 
file, read it.

3) Installing a keylogger requires efforts several magnitudes higher than copying a 
file, and nowadays most people possess several ways of preventive measures to detect 
or avoid these. 

4) Master password isn't recoverable by peeking at the filesystem.

5) Master password is crackable by brute force methods, yes. Stronger the password 
and more careful the implementation make the required time longer and the required 
resources larger. The whole point of security is to make it non feasible to break a 
security feature as much as possible. Except proper one time pads there isn't really 
such thing as Ultimately Secure System. I believe that a strong master password means 
a high barrier to get the stored credentials, which is _much_ better than the current 
state of affairs (basically storing plaintext everything).

I (and I'm sure most of us here around) very much would like to have the discussion 
about this feature with knowledgeable persons except pkasting, who is I'm sure a 
friendly and positively thinking person but seems to possess limited and somewhat 
personal attitude towards this issue. If the design spec contains problems, discuss 
them, fix them. If there is a (said) knowledgeable team who *really* examined the 
problem and come up with real *reasons against implementing it* we much probably 
would be happier to hear these instead of summaries basically containing "no, just 
because I think it's not good". (Such denials ought to contain at least a pros and 
cons which would show that pros were considered, and the cons still outweigh them.)

And as a sidenote issue 812 explicitly make people talking about master password 
(like) feature to shut up, so maybe it isn't "duplicate" after all. (But I 
acknowledge the possible limitations of this issue tracker in these cases. :-))

Issue 37450 has been merged into this issue.
Agreed with grinapo in comment 165. It seems this request is taken very seriously by
many security-conscious people who would really like to use Chrome but won't because
of this single issue (me included), and on the other hand is downplayed with a lot of
effort by people at Chromium. It's frustrating for both 'sides', in particular
because the current implementation already intends to have the user's login
credentials act as a kind of master password, but doesn't quite reach the intended
goal. And in security 'almost' certainly isn't good enough.

Please note:
- On Linux the current encryption routines do nothing, so passwords are stored in
plain text
- Redirecting this issue to issue 812 is really off-track because that issue is
apparently about on-line password sync - something security-conscious people may not want
- The master password is pretty trivial to implement and would not in any way be
confusing to people who do not enable it

Perhaps it would be good to escalate this a few levels instead of - apparently - a
single developer deciding this is a stupid feature to ask for?

Comment 168 by Deleted ...@, Mar 16 2010
I totally agree. I know many people keeping firefox just because of this gap. It is
incomprehensible
Comment 169 by Deleted ...@, Mar 20 2010
Agreed this is very necessary.  I will suspend my chrome usage until this is fixed.
Comment 170 by yoh...@gmail.com, Mar 24 2010
My passwords have been stolen because of the lack of this feature! It's a shame. From 
now I do not let Chrome remember my passwords 'cos it's TOTALLY UNSAFE!!! :((((
Isn't Chrome/Chromium open source?  If it is, why cry to Google to implement the master password 
feature?  Perhaps there already exists a fork that includes it.
In the latest Linux version (.deb) passwords are separated from the file "Web Data" 
and stored in a new file "Login Data", unencrypted.

Comment 173 Deleted
Comment 174 by Deleted ...@, May 5 2010
I will not be using Chrome as my browser until this feature is added.
Comment 175 by Deleted ...@, May 5 2010
+1 i cannot use chrome without this being added
Comment 176 by Deleted ...@, May 7 2010
+1 won't use Chrome until this is ready
Comment 177 by Deleted ...@, May 9 2010
+1 I won't use Chrome until this is implemented!!
Comment 178 by Deleted ...@, May 10 2010
What is Google's take on this? Are they ever going to implement this or they are not 
listening to their users? If Google implements this, it would be beneficial for those people 
who are crying out loud here. If they don't implement it, these users will stick 
with Firefox or whatever browser they are using forever.
Comment 179 by Deleted ...@, May 16 2010
+1 I won't use Chrome until this is implemented!!

That would be a nice feature... Or we should use some 3rd party storage like LastPass...
Comment 181 by ped...@gmail.com, May 21 2010
This is definitely a very important security feature... and I don't understand why in 
Windows you encrypt the passwords, but not on Linux.
It would be nice to have an honest/sharp reply from Google/Chromium developers.

- We, 24x7x365 web browser users, need to store passwords.  That is just mandatory 
and should not be too difficult to understand.

- We can not store our passwords and then let just anyone use Chrome leaving all our 
passwords ready to be used.  This is in fact a privacy and security issue, no doubt.

- We all want to switch to Chrome because we have found several features that make it 
better than other browsers.

So, what are the technical roadblocks?  Why can't this be implemented?

Telling everyone that we should stick to whatever browser provides such protection is 
just lame.
Comment 183 by Deleted ...@, May 25 2010
Yea, I can't use Chrome only because of this lack.

I agree with grinapo in comment 165, even with a Master Password it can be retrieved 
by many ways. But I'm trying to protect myself from persons who might want my 
passwords for some reasons, but are not good at all with computers. So using a Linux 
LiveCD is not an option for them. If they want to see my passwords, they might try to 
go in the options, but they're not gonna crack my computer to get them.

So such a function (master password) is more than enough for users like me. 
Comment 184 by Deleted ...@, May 25 2010
Reading through all of this, there seems to be some confusion. I would consider the 
greatest threat of non-encrypted passwords is the possibility that somebody could steal 
my computer (especially a laptop), while I am logged out, boot up a live Linux CD and 
copy my passwords and immediately be able to access the websites under my userid.

Apparently Windows encrypts passwords (comment 149), why can't the Linux version 
(comments 121 and 153) do something similar?

Personally I am not concerned about the case where somebody has access to my 
computer when I am logged in, I lock my screen and only allow trusted people access to 
my account.

It is the case where somebody has access to my computer without my permission that 
concerns me. Yes, somebody could also steal my computer, install a key logger, and 
somehow return it without me knowing, but this seems unlikely. This isn't like 24 or 
Mission Impossible. Or xkcd for that matter, <http://xkcd.com/416/>.

Brian May
Duplicate of 812??? Issue 812 is about remote profiles, stored at google. That means, if you want a password, you need to store all your user data at google?

It's not the same issue!
I find it very scary that nobody has been able to do an extension for this.  Surely that says something about the extensibility (or lack thereof) of chromium.

As google appear disinclined to fix this security vulnerability, I have raised a CERT vulnerability report about it.  It will be interesting to see what the experts think of the ability to reveal all passwords with a simple command like:

echo 'SELECT username_value, password_value FROM logins;' | sqlite3 ~/.config/chromium/Default/Web\ Data | grep -v '^|$'
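
The one-liner in the comment above works because the profile database is an ordinary SQLite file with a `logins` table. As an added example (not part of the thread and not Chromium code), this Python audit counts how many `password_value` entries are stored as readable text and whether other local accounts can read the file, without ever printing a stored value; the sample database is constructed, and the printable-UTF-8 test is a heuristic assumed here.

```python
import contextlib
import os
import pathlib
import sqlite3
import stat


def looks_plaintext(value):
    """Heuristic (an assumption of this example): a stored value that is
    non-empty, valid UTF-8 and fully printable is treated as unencrypted."""
    if value is None:
        return False
    if isinstance(value, bytes):
        try:
            value = value.decode("utf-8")
        except UnicodeDecodeError:
            return False  # binary blob, e.g. ciphertext
    value = str(value)
    return len(value) > 0 and value.isprintable()


def audit_login_store(path):
    """Summarise a profile database without revealing any credential."""
    path = pathlib.Path(path).resolve()
    mode = os.stat(path).st_mode
    # Open read-only so the audit can never modify the profile.
    uri = path.as_uri() + "?mode=ro"
    with contextlib.closing(sqlite3.connect(uri, uri=True)) as db:
        has_table = db.execute(
            "SELECT 1 FROM sqlite_master WHERE type='table' AND name='logins'"
        ).fetchone()
        if not has_table:
            raise ValueError("no 'logins' table in %s" % path)
        rows = db.execute("SELECT password_value FROM logins").fetchall()
    plaintext = sum(1 for (pw,) in rows if looks_plaintext(pw))
    return {
        "rows": len(rows),
        "plaintext_rows": plaintext,
        # True when group or world has read permission on the file.
        "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
    }


def build_sample_store(path):
    """Create a constructed stand-in for the profile database (sample data only)."""
    with contextlib.closing(sqlite3.connect(str(path))) as db:
        db.execute(
            "CREATE TABLE logins (username_value TEXT, password_value BLOB)"
        )
        db.executemany(
            "INSERT INTO logins VALUES (?, ?)",
            [
                # Constructed values: two readable entries, one binary blob.
                ("alice@example.test", "constructed-password-1"),
                ("bob@example.test", b"constructed-password-2"),
                ("carol@example.test",
                 bytes([0xFF, 0x10, 0x9C, 0x00, 0xE1, 0x7A, 0x03, 0xC8])),
            ],
        )
        db.commit()


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "Web Data")
        build_sample_store(sample)
        os.chmod(sample, 0o600)
        print(audit_login_store(sample))
```

On a real profile, a non-zero `plaintext_rows` or a true `readable_by_others` is the finding to act on.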


Indeed, putting some external pressure on chrome devs with an official CVE number might help where reason failed...
Issue 46866 has been merged into this issue.
For those of you concerned about the encryption of passwords on disk in Linux, rather than the UI in Chrome, that's bug 25404 and is actively being worked on.
Comment 191 by waw...@gmail.com, Jun 18 2010
Does anyone know if this will be implemented?
Comment 192 by Deleted ...@, Jul 7 2010
Seems ridiculous not to have a master password - come on Google!
It really appears to be such a simple thing to develop. 

Simply can't use Chrome as default while we don't have proper password protection.

Come on, where's the problem? Is somebody actively ignoring us Chrome users?
Absolutely - I'm fed up with Firefox and would absolutely love to use Chrome, but the lack of a master password is a show stopper. 

Browsing the comments, there's a few idealistic comments along the lines of "it's only an illusion of security" and "a determined hacker could still get past a master password", fair comments - but this is still preventing uptake of the Chrome browser for multitudes of people. Why waste considerable money on slick advertising campaigns comparing Chrome to potato guns and the like, when implementing this (seemingly) simple feature would bring those multitudes into the Chrome fold. You could even display a disclaimer when the feature is enabled to absolve any responsibility for determined hacks.

One other negative I saw cited was that a casual user using someone else's machine would be pestered by the 'enter master password' dialog multiple times - for that an easy fix is just to ask, on the second or third cancellation of the dialog, 'do you want Chrome to stop asking for the master password for the remainder of this session?'. 


Issue 50393 has been merged into this issue.
Strange! The feature is really important... Add it please, because I don't want to use tools like LastPass to store my passwords there
Comment 197 by Deleted ...@, Aug 14 2010
I'm absolutely livid that such a feature hasn't been added already. I would actually appreciate Chrome once this much-needed feature has been implemented.

D.
Issue 53696 has been merged into this issue.
This is a 2 year old bug report. And no master password yet. I'm giving up on Chrome until this is fixed... 
Comment 200 by waw...@gmail.com, Aug 28 2010
I didn't realize it when my issue got merged into this one, but this issue has been closed since October 2009.

I think getting your issue merged into this one is a roundabout way of squashing your Issue ID.
Comment 201 by Deleted ...@, Sep 5 2010
This still hasn't been fixed!?

Okay, I get the argument. Master passwords aren't perfect. Windows crypto works fine. You shouldn't let other people use your computer while you're logged in. After all, every modern OS has a quick "switch user" or "guest" facility. Only let people borrow your computer if you trust them. Okay, okay, I understand.

It still annoys me, as well as the trusted person who is borrowing my computer, when the other person tries to log into some website and Chrome automatically fills the login form with my username and password. Not annoying in the same way that Firefox is annoying (it displays a damned modal dialog every time!) but still very annoying.

Comment 202 Deleted
Comment 203 by Deleted ...@, Sep 19 2010
Yeah, I don't see why there isn't a master password... just doesn't make sense, it's like keeping your money stored in an unbreakable safe, but with the keys to it right in front of the door...
Issue 57596 has been merged into this issue.
Comment 205 Deleted
Issue 47820 has been merged into this issue.
Issue 57570 has been merged into this issue.
Of course one can always be careful. With this kind of reasoning, I do really not need any encryption technology when I communicate to my bank because they could always give me a piece of paper with a one time pad encryption key that I can keep in my underpants and destroy every time I go to sleep.

Seriously people, security technology is here so that having security is not an inconvenience. I don't want to always worry about whether or not I remembered to lock the screen when I am away from my office computer for 5 minutes. 

At the end of the day, if they wanted to implement this, they would not have merged it with a completely unrelated issue and closed it. This is not gonna happen, so stick to Firefox. Then you can have security without being inconvenienced. 
Since there is no tool for us to see how many of us need this master-password must-have implementation, I have created a blog with one poll regarding explicitly this issue. Please vote pro or contra implementing master password in Chrome.
http://securemybrowser.blogspot.com/
Issue 59456 has been merged into this issue.
We just need a master password when it is sophisticated enough to provide remote theft protection. For other needs, just remember to lock your computer with a strong password!
@#212 and others...

"You’ve laid out many scenarios in which this might be useful, but the most common is that if your computer were to fall into the wrong hands, that person would then have access to your saved passwords.

While we agree that this situation would be terrible, we believe that a master password would not sufficiently protect you from danger. Someone with physical access to your computer could install a keylogger to steal your passwords or go to the sites where your passwords are stored and get them from the automatically filled-in password fields. A master password required to show saved passwords would not prevent these outcomes."

That is bad reasoning.

The mechanism you use to encrypt my password means only that a person (for example, someone in my company's IT staff,) that can reset my password can gain access to every password I have protected.

True, if someone has physical access to my computer, they can install a key logger and sniff data.  But I think the far greater risk is my laptop falling into the wrong hands and staying there while they take time to do forensic research and recover personal and private data -- not someone sneaking onto my laptop (physical access or not) to sniff my keystrokes.

I would add that to exploit as you described with a keylogger does not require physical access at all.  If someone's system is compromised in this way, then it is compromised regardless.

I would argue, then, that you should add a "non-keystroke" second factor of authentication -- e.g., "select the correct one of several randomly placed images", or "click a numeric PIN" -- things that are not sniffed as easily.

A strong encryption algorithm with a strong passphrase is inarguably the best option available to us -- far better than a simple mechanism that any puke who has access or the ability to change my account password will provide.
+1

A master password may not protect against a keylogger attack specifically. But it does protect against other forms of attack. The keylogger/rootkit approach requires the attacker to leave (detectable) traces of his attempt. His kit might need a connection to a server. Or he might need to come back to retrieve whatever was logged. Furthermore: nosy girlfriends, friends or family and other non-professional hackers with physical access usually don't go as far as to install keyloggers and rootkits. Currently grandma can just view and steal the password without leaving a single trace. 

That's just too easy! 
Issue 61600 has been merged into this issue.
In case this helps, it seems like you can configure the "Show passwords" button from the registry.
For more information, see this page -
http://dev.chromium.org/administrators/policy-list-3#PasswordManagerAllowShowPasswords
So can an unauthorized person just change this registry setting to see all the passwords on someone else's machine? If so then no, it doesn't help.
@216
It's interesting, but this bug is as much for the average user who has never heard of the registry but still saves passwords in Chrome, as it is for us.
@213 "But I think the far greater risk is my laptop falling into the wrong hands and staying there while they take time to do forensic research and recover personal and private data"

That would be my main reason for password encryption of passwords as well. The thing is, right now, you don't even have to be a forensic expert, nor do you need any knowledge about trojans and keyloggers. You open Chrome and write down all the passwords. That is a no go for all mobile devices.
Issue 61768 has been merged into this issue.
Can't this be made pluggable, so that if google doesn't care about casual security, at least others can provide plug in modules that do?


Comment 222 by pam@chromium.org, Nov 6 2010
Issue 62159 has been merged into this issue.
Comment 223 by Deleted ...@, Dec 20 2010
Agree with everyone. We need a master password!! I've just realised this problem and probably will switch back to Firefox if this is not resolved soon
Issue 68374 has been merged into this issue.
Comment 225 Deleted
Over 2 years and Google does nothing about this glaring security issue. Can this be solved with an extension?
Issue 70547 has been merged into this issue.
Issue 72163 has been merged into this issue.
Comment 229 by Deleted ...@, Feb 7 2011
Surely whether Chrome had a master password or not, a keylogger would still collect passwords as they were typed.
However, if Chrome had encrypted passwords, typed them into websites with two-channel auto-type obfuscation (à la KeePass) and required authentication to unlock these passwords then it would be secure enough for most users and anyone who considered this insecure could choose not to use this.
Keylogger or not, this will keep me from using Chrome as my primary browser (and install Fennec on any Android device I buy). Hundreds, if not thousands of users have requested this feature, and Google obstinately refuses to implement a simple security feature.

My kids occasionally use my computer, and I don't want to have to set up user accounts for everybody. Simply closing and reopening my browser should be enough to protect my passwords while allowing a "guest" to use my PC.
Issue 72270 has been merged into this issue.
Comment 232 Deleted
Comment 233 Deleted
For linux systems that use gnome-keyring or the KDE equivalent you could lock your keyring before leaving your PC. Unfortunately I don't know the equivalent in Windows.

Had to run google chrome with --password-store=gnome to use my keyring.

To lock your gnome-keyring in Ubuntu at least you could either use seahorse or run:

python -c "import gnomekeyring;gnomekeyring.lock_sync('login')"

Another thing to note is that gnome-keyring is locked by default when you lock your screen. Passwords are then encrypted again.

This is enough for me to use chrome even if there is no master password.
Comment 235 by Deleted ...@, Mar 7 2011
There are admins that could sign on to computers at work, so LOCK COMPUTER cannot work for keeping my passwords safe from just a random user.  For 99% of the time, this is a private computer.  But I cannot be 100% sure some admin won't sign on.  Please don't bother responding to this with, well don't store your passwords on your public computer. Lame.
Issue 75411 has been merged into this issue.
Comment 237 by goo...@tiros.net, Mar 9 2011
An alternative is to use KeePass (Windows). Nice solution, but too complex for many users.
Comment 238 by Deleted ...@, Mar 14 2011
Without this so basic feature Chrome gets a HUGE UNLIKE from me. Going back to Firefox which has this function. I can't believe that Google is so incompetent in this issue. 40 years ago men were on the Moon. I don't think this is rocket science...  
Issue 76478 has been merged into this issue.
Labels: -DesignDocNeeded bulkmove Action-DesignDocNeeded
Mergedinto: -0
Master password setup is missing where we can authenticate the used to show 
the stored passwords.
The "master password is an illusion of security" excuse is a total cop-out. I don't use a master password to keep malicious hackers that have physical access to my computer out of my stuff, I use it so that my friends and family don't have instant access to all of my websites when I leave my computer unlocked for them to use. I love Chrome, but a master password really should be implemented. I'm sick of having to open KeePass every time that I need a password.
"master password is an illusion of security", yes but such a feature like "Show password" is ABSOLUTELY awful!!!
Issue 76940 has been merged into this issue.
Issue 75897 has been merged into this issue.
Comment 245 by Deleted ...@, Mar 28 2011
I just set a new user at our company up with Lastpass and for chrome to never offer to save passwords because this feature is not yet implemented on Chrome. I still set them up on Chrome but it would be nice to not have to use Lastpass if possible.
Comment 246 by Deleted ...@, Mar 28 2011
Design doc = Firefox Master password!!!!! Duh. DO IT.
Comment 247 Deleted
How can users wait from Chrome developing team to understand the problems they are facing when they are so badly organized that they have several threads for the same Issue. 
This Master Password issue is also discussed here (perhaps other threads also... don't have time to lose with such lack of support team and search for more) http://code.google.com/p/chromium/issues/detail?id=53 with the same "ignoring users" solution from the part of the developing team.
Google is wondering why Android phones and tablets didn't reach the level of professionalism of Apple's products?  
Dear Google please stop playing the act of being open source and open minded and start being an open source and open minded company ( at least on those places you say you are).
Saying that a master password is an illusion of security because there are ways around it is like saying that a lock on a door is an illusion of security because someone can bash down the door with a sledge hammer.  Like a door lock, a master password *does* prevent *some* avenues of attack.  If the password manager encrypts its stored passwords using my master password as a key and my laptop gets stolen, the thief won't be able to get his hands on my passwords without the master password.  That's not an illusion of security; it's an essential safeguard.
Comment 250 by Deleted ...@, May 8 2011
"We understand that many of you want a master password for your saved passwords in Google Chrome.  You’ve laid out many scenarios in which this might be useful, but the most common is that if your computer were to fall into the wrong hands, that person would then have access to your saved passwords.

While we agree that this situation would be terrible, we believe that a master password would not sufficiently protect you from danger. Someone with physical access to your computer could install a keylogger to steal your passwords or go to the sites where your passwords are stored and get them from the automatically filled-in password fields. A master password required to show saved passwords would not prevent these outcomes.

Currently, the best method for protecting your saved passwords is to lock your computer whenever you step away from it, even for a short period of time.  We encrypt your saved passwords on your hard disk. To access these passwords, someone would either need to log in as you or circumvent the encryption.

We know this is a long-standing issue, and we see where you're coming from. Please know that your security is our highest priority, and our decision not to implement the master password feature is based on our belief that it creates a false sense of security instead of actually providing a strong security benefit."
-Google. It's true. A city wall can be as much protective as it can be a death trap. 
Comment 251 by Deleted ...@, May 17 2011
Ok then. Take this scenario: You use Google chrome at work. All your passwords are nicely synced between work and home. When you leave your job, you hand your laptop/computer back in... "oh, crap. I forgot to uninstall chrome"!!! The next person to log in (admin or whoever) now has access to all your passwords.

Scenario 2: You've got your laptop out for a party. You leave it unlocked so others can select music. One person decides they want to check their Facebook account: fire up chrome, now they're in YOUR Facebook account.

This has been requested by SOOOOOooooooo many people; listen to your users.
I find Google so wonderfully considerate not to add a master password. I hate living in a world with a "false sense of security."  Beware! Your grocer might be poisoning your apples! Only in college did I realize my insecurities after drinking punch at a party!

You all are fools to ask for such a feature. A toddler once bought a car on eBay. Don't you fear that a toddler might come on your browser and steal your passwords?

Hell, I know a thing or two about getting rid of false illusions, and it seems that Google does too!  When Chrome offers you to save a password, a key icon appears to the left. Everyone knows a key locks a door that any seasoned toddler thief can remove from the hinges! If a key icon doesn't suggest your saved passwords are insecure, I don't know what does.

Google also encourages you to sync these open passwords just like bookmarks. Nothing teaches security like the mantra that a password is really just a bookmark.

To further correct your illusions, Chrome doesn't even tell you that your passwords are left completely out in the open. It’s better for you to arrive at the manage passwords page and have Google scare you shitless! That's the only way you all will learn a thing or two about security. 

To all you haters: Keep loving Firefox until a pack of ninjas breaks into your house, works around your firmware password, breaks through your master password, and steals your Facebook account.  Join along with me in using Chrome, or you'll learn the hard way.

I've got a suggestion to make. (You can’t only praise Google in a post! Lol!) Please get rid of those stars and dots that mask passwords for the remember passwords feature. People might learn a bit faster.
Master Password feature is very important... many times this happens that  relatives or friends are visiting & wanna check a quick email... in the meantime, one has to fetch some food Or stuff for guests... here u go, ur passwords are a public property now& even before u can recall this flaw in chrome. Google's concern for privacy of users becomes doubtful. Master password feature is a MUST...

For keyloggers & hackers antivirus programs are there... & the usual reply given here that they can still hack in is outright hilarious... Like ya, if u take all necessary precautionary measures you will still die one day ... oh come on google I like chrome, plz don't make me switch.
More than half of the interested users of Chrome are asking for this feature. Implement it at par with Firefox or IE. At home, most of us share computers, many with a single login. Or parents sharing their user account with children. This is the nature of Windows and its casual usage for browsing, similar to iPad browsing. Those of us who would like to have Chrome store passwords are appalled by Personal Stuff, and the SHOW option. Once you hit Personal Stuff, and before SHOW, you should be prompted for master password, similar path as Firefox. Or with IE, it stores them and not ever viewable in clear text, simple encryption within flat db, and overwritten if change in login. Simple. Done. Please change this Google.
Comment 255 by Deleted ...@, Sep 1 2011
I can't believe this issue hasn't been addressed.  Seriously?  How in the WORLD does Google think it's fine to leave people's saved passwords unsecured in a browser?  Any person with access to the computer can open Chrome and easily view every single password a person has stored in Chrome.  This is IDIOTIC.  What the hell, Google?
this will be less severe when/if bug 92117 will be fixed and profiles will be alive
Comment 257 by Deleted ...@, Sep 5 2011
The one I have been using with firefox is perfect, type in Master pwd once per session to unlock. Locks down when I close browser, if I leave the browser unattended and unlocked well that's my problem/fault. 

It is unbelievable this feature is not added to Chrome. I have held off making Chrome my browser of choice, recently deciding to convert permanently then I find this obstacle. 
Everything else I love but because of this one issue I am staying with firefox, I am prepared to go without all the Chrome goodness to be able master lock my passwords.
Concur with many comments here - esp. 257. I'm looking to switch from FFOX due to performance issues but, it has an easy-to-use (and I presume secure) method of securing saved passwords. If Chrome doesn't have it, the security risk is too high for me and I'm left with no choice but FFOX or, find some app that stores PC-wide passwords securely.
Comment 259 by Deleted ...@, Oct 23 2011
Let me just add to the (seemingly) ignored issue. And this is the same analogy previously mentioned in another comment.

The argument against this feature says that it's just "security through obscurity" since a user with physical access can circumvent the security. So does this mean I shouldn't bother storing my important belongings in a safe at home since my friends have physical access to it in my house? So I should just leave important belongings and thousands in cash out in the open because well, "they're in my house and trusted". Lol. Does this mean I should put my private belongings on my living table for everyone to see since they could find it anyway in my bedroom? Should I not lock my car since a person has physical access to the windows? Does this mean I shouldn't encrypt sensitive data since a user with access to my machine can find it? Does this mean I shouldn't password protect my machine at work being that my co-workers have physical access to it and it's not secure anyway?

Additional layers of security that are possibly crackable with physical access does NOT mean that security is "security through obscurity" and I'm surprised google (of all people) defined it this way. They are just additional measures of security (crackable or not) and most if not all things are crackable but that doesn't mean that I shouldn't have more security added wherever possible.

I mean... c'mon google... YOU'RE STORING MY PASSWORDS IN PLAIN TEXT. Isn't that like security 101?
Comment 260 Deleted
Comment 261 by Deleted ...@, Oct 26 2011
ROFL, can't believe this is still not implemented for 2 years?... what's the reason and where is a statement of the dev team about this.

Sorry, I don't have the time for a long comment, as I now have to switch back to FF...

I just want to have a strong master password for the session, so I can save my not so strong forum passwords here in the browser.. that's no kind of obscurity!

Maybe it has to be done by public private key? as the algorithm would be open source but I would have no problem with that... 
Issue 102267 has been merged into this issue.
those silly google android/skype guys should have been told that it is completely ok to store unencrypted user data and they should store password in that way as well :-)
Once you have malicious app on your pc/phone, encrypting is useless,
if you don't have malicious app you don't need encrypting. q.e.d.
 

http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/


What about a malicious *person*?  IE, someone steals your laptop.  If the passwords are encrypted, they're in no immediate danger of being compromised.  If they're unencrypted, you better hope you can race to another computer and change them before the thief has a chance to exploit them.
Comment 265 by Deleted ...@, Nov 23 2011
Absolutely right
I just now realized that Chrome lacks a master password feature, and as such, I will be deleting it from all of my workstations and uninstalling it until such time as Google sees fit to listen to the users.

The fact is that computers are subject to casual use by friends and family, and I have no desire for my wife or friends to be able to see my passwords in plain text with two clicks of a mouse.  Call it a "false sense of security" and mock if you will, but Chrome is out. 
Comment 267 by Deleted ...@, Nov 29 2011
Use Lastpass brah, no need to sweat over stubborn devs. Chrome has other features that makes it superior I guess. B)
Since 2008? Wow. What's wrong with Google? I thought these guys were the cream of the country. First of all, you can't deny access to everyone. A friend comes over and wants to use Facebook, you can't deny him nor can you watch him all the time. He can easily just go to settings and sneak a peek just for fun. Agreed he could install a keylogger, but few people are that tech-savvy. Sneaking a peek at Chrome's settings is something few people can do. Not to mention the antivirus scanners which make it hard to install keyloggers. A peek at Chrome settings, however, is no big deal. I find Google's keylogger excuse really lame. How many average net users know about them? How many can actually sneakily install them? How many can get past A/Vs and install them? When a malicious bugger has access to your PC, it sucks, he can do a lot of damage. But with Chrome, your average Tom, Dick or Harry can be a net terrorist with 4 easy clicks!


I can't believe that the "portable" issue hasn't been raised more frequently.

A master password is MOST important when Chrome/Chromium is stored on a USB Pen drive that is formatted FAT32 (with no encryption), and is shared between (many) computers.

The whole point of having a Portable Browser is so that you don't have to trust Cyber Cafe computers.  It is MUCH more useful if it also stores (encrypted) your passwords for each website.  This SOLVES the KeyLogger problem, since a keylogger on such an untrusted computer would NOT be able to intercept you typing your password... the password would be inserted by Chrome.  Maybe such a Keylogger could intercept your MASTER password, but that wouldn't compromise anything, provided that it is different from your website passwords.

Issue 112621 has been merged into this issue.
Comment 271 Deleted
As this issue is open for so long and nothing ever happens, I very strongly believe that there is a purpose behind this. Keeping the stored passwords easily available for any person who is interested in using them for malicious purposes must fulfill some political goal for Google.
 
Maybe Google is trying to keep people from using too many different sites, so they will ultimately concentrate on a single sign-on at google+? And stop using others because of the security risk?

Uh.... you mean it's been *CLOSED* for so long.  The bug was dup'ed away and closed
in Comment 104.  See the status info: bug Closed since Oct 2009.
Google's refusing to add the Master Password for the browser's stored passwords is simply telling the userbase that Google doesn't listen to feature requests. Not everyone is going to install Chrome/Chromium in the user's personal folder (I use the "portable" ZIP file version, with a shortcut to put the profile folder in /chrome/profile, for example).

Not sure if I want to *ever* use Chrome again, after listening to 300+ users get ignored.
Why hasn't Google added this function in the update today? At least add a security question to identify the person. Otherwise all the saved passwords will be easily leaked to anybody. Please do that. By the way, does Firefox have that function?
Issue 116209 has been merged into this issue.
Comment 279 by Deleted ...@, Feb 29 2012
Opera can even set a master password.
I like Chrome, it comes in very handy, but I just noticed that it can even save your credit card info for you... do I really need to add to all that has been said over the past years?!?!?!?! How can we get this problem opened again?
@teachservices.com: I also (used to) use Chrome portable, and the lack of a master password makes it utterly insecure, so I didn't ever let it save passwords... what a waste!

If you want to hear of 300+ MORE users ignored by Chrome devteam, take a look at the Vertical Side Tabs issue, and how they took away a wonderful feature with a short, two sentence reply including a bold-faced lie (that they didn't work... 100's of people used them DESPITE the fact that you had to jump through hoops to turn them on):

http://code.google.com/p/chromium/issues/detail?id=99332

"Issue 116209 has been merged into this issue."

With people continually asking for this feature, maybe this is a FEATURE YOU SHOULD IMPLEMENT???
This issue indicates closed Oct 2009. If the issue was resolved, then what was the resolution? Comments from that month indicate devs would reexamine the issue.

4 clicks continues to display all passwords in plain text. The official Chrome help page has no mention of this issue.

Comment 283 by Deleted ...@, Mar 28 2012
So many people talking about a false sense of security when using a master password. 

But there is only one FACT:
Using a master password requires MORE effort to get the passwords than not using a master password.

EXAMPLE:
If someone has access to your hard disk:
Using a master password requires him/her to actively try to decrypt the password store. 
Chrome says the password is encrypted too, but because I am not required to type in a master password, the master password must also exist on the same hard disk, so getting the passwords is a lot easier; maybe there is already a tool out there which gets the password in one click.

I switched from Firefox to Chrome just 2 days ago. I read that Google hired some main Firefox developers who wrote big parts of Chrome in the first days. That convinced me a bit. But now I am disappointed again, and think I will stick to Firefox.

Bye Chrome.
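The distinction drawn in the comment above, as an added sketch that is not part of the thread and is not Chromium's or Firefox's code: a store whose key sits beside the data versus one whose key is derived from a master password. The function names, the iteration count and the HMAC-based cipher (a standard-library stand-in for a real AEAD such as AES-GCM) are assumptions made for illustration.

```python
import hashlib, hmac, os
from typing import Optional

ITERATIONS = 200_000  # assumed PBKDF2 work factor

def derive_key(master_password: str, salt: bytes) -> bytes:
    # 64 bytes: first half encrypts, second half authenticates
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=64)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; stand-in for a real AEAD, illustration only
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key[:32], nonce, len(plaintext))))
    tag = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified store")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key[:32], nonce, len(ct))))

def store_with_key_on_disk(secret: bytes) -> dict:
    key = os.urandom(64)
    return {"key": key, "blob": seal(key, secret)}  # key is written beside the data

def store_with_master_password(secret: bytes, master_password: str) -> dict:
    salt = os.urandom(16)
    # only salt and ciphertext are written; the key exists only while unlocked
    return {"salt": salt, "blob": seal(derive_key(master_password, salt), secret)}

def offline_read(disk: dict, guess: Optional[str] = None) -> Optional[bytes]:
    """What a reader holding only the stored fields recovers."""
    if "key" in disk:
        return unseal(disk["key"], disk["blob"])
    if guess is None:
        return None
    try:
        return unseal(derive_key(guess, disk["salt"]), disk["blob"])
    except ValueError:
        return None
```

In the second design the cost of an offline read is set by the strength of the master password and the work factor, since every guess has to pay for a full key derivation.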
Comment 284 by Deleted ...@, Apr 4 2012
Wow I cannot believe how long this has been a crucial issue. 
Labels: -Area-BrowserUI -Mstone-X -bulkmove -Action-DesignDocNeeded Area-UI Feature-Passwords
Mergedinto: 53
While I would love to replace firefox with chrome - firefox gets slower with every new release - the very fact that chrome does not yet have a master password, after several years of this feature request, is utterly pathetic! Without this feature I can't even consider using chrome instead of firefox for anything other than basic browsing.

Such a simple feature request - yet google still refuses to implement it... bizarre.
Comment 287 by Deleted ...@, Jul 17 2012
Was considering replacing Firefox with Chrome. When I found out this option is missing, I stopped using Chrome. My computer is running all day long and when I'm on the toilet or something, everyone could read all my passwords within seconds...

I'll try Chrome again when this feature is implemented.
Since I just found out my passwords are lying around unencrypted for everyone to read and prepended with the kind notice '[password]' in front of them in 'Login Data' (#138147) and since there is no way to set a Master password, I will immediately stop using Chromium.

It's ridiculous that such ultra important features like a simple master password, which have been demanded since #53, won't be implemented. Now we have issues with 6-digit-number-monsters and no master password option in sight.

Google seems to have a quite strange sense of humour, but I don't find it funny...
I am adding my bid to this even more.
I had a computer at work I synced up and when I left failed to wipe properly. If it wasn't for the fact that the people I knew there were kind I would have risked having a bad person just a few clicks away from EVERY SINGLE PASSWORD I have stored for easy use on online services.

What I find pathetic is that you are willing to encrypt data sent over the internet but you are not willing to add a simple password to prevent even just simple prying eyes from looking at my passwords. Store the password in a simple encryption for all I care, if you add a password which stops the prying eyes of my parents, brother and friends then I am fine.
This reply is about 4 years old; however, the reason I'm addressing it is that this issue is *STILL NOT* fixed. 
******************
Comment 25 by aba...@chromium.org, Nov 30, 2008
I'm confirming this issue as there is indeed no master password.

jspeavey, would you consider this issue addressed if there was a master password in 
the browser UI but someone could circumvent the master password by using sqlite on 
the command line to look at the password store directly?
****************************

Also to answer your question in both a consumer and corporate environment, it's highly unlikely your "average" user would know this vulnerability (i.e. why not AT LEAST release a master password--THE VERY LEAST--it's an "annoyance" they have to deal with and might choose to monkey with someone else's machine). 

Also, understand your Customer. 
1st-Consumer/home User--mainly uses that as a tool as not to remember dozens of PW's (I'm hoping for at least the Consumer that doesn't use same PW for all). 
A "Master Password"-allows for the inability for other home users of a shared computer to access important information 

Examples include the parents that use Online Banking to something as simple as Ebay or Amazon--the "kids" can't monkey around with those accounts. 

As for a "Corporate" user (again)--we're talking your average User (would not know this vulnerability). *AND* someone who is highly technical, again master password at least slows down-"frustrates" their efforts to break in. 

The idea you say "well there's a back door vulnerability" is ridiculously insane.  

For a real world Example---People *DO NOT* install home Security systems to keep a burglar "OUT" (a burglar wants in, he'll figure out how to get in)---The idea is to "frustrate" their efforts *AND*--when in your home--only allow minimal time before the Police arrive. *NOTHING* in the world is 100% (even 95% fail safe). 

The "goal" should be to slow down/frustrate the efforts of those (most common) users who would want to snoop. 

I mean, if the CIA/FBI/NSA can be cracked/hacked---I hardly expect Chrome to have 448-Blowfish type Encryption. A nice 128-bit "simple" solution *FOR NOW* is desperately needed. 

Again, this baffles me why the "reluctance"/push back to have a Master Password.
I mean, I'm currently on 21.0.1180.77 beta-m (and updating as we speak)---VERSION 21!!!!!!! with no Master Password?????? Are you KIDDING ME?

********************************
And, for another thread, but the Password field is broken now anyway--seems to be a "known issue"--but when you try to open it, takes SEVERAL MINUTES to open. (mine about 5-to populate the data). --Which by the way, most of mine are lost--thankfully have hard copy/encrypted backups. 




This bug needs to be OPENED - it's not a SECURITY bug it's a PRIVACY bug.

I want to switch from FF, but I believe that the Chrome devs are secretly fans of Firefox, and I cannot begin to use Chrome/Chromium until this privacy bug is fixed.

If I should be posting it in a different thread, please please let all of us know.
Project Member Comment 292 by bugdroid1@chromium.org, Oct 14 2012
Labels: Restrict-AddIssueComment-Commit
Mergedinto: chromium:53
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member Comment 293 by bugdroid1@chromium.org, Mar 11 2013
Labels: -Area-UI -Feature-Passwords Cr-UI-Browser-Passwords Cr-UI