New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 1397 link

Starred by 429 users

Comments by non-members will not trigger notification emails to users who starred this issue.

Issue metadata

Status: Duplicate
Merged: issue 53
Owner: ----
Closed: Oct 2009
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Feature

Restricted
  • Only users with Commit permission may comment.



Sign in to add a comment

Master password is missing

Reported by chandras...@gmail.com, Sep 5 2008

Issue description

Master password setup is missing where we can authenticate the used to show 
the stored passwords.
 
Showing comments 194 - 293 of 293 Older
Absolutely - I'm fed up with Firefox and would absolutely love to use Chrome, but the lack of a master password is a show stopper. 

Browsing the comments, there's a few idealistic comments along the lines of "it's only an illusion of security" and "a determined hacker could still get past a master password", fair comments - but this is still preventing uptake of the Chrome browser for multitudes of people. Why waste considerable money on slick advertising campaigns comparing Chrome to potato guns and the like, when implementing this (seemingly) simple feature would bring those multitides into the Chrome fold. You could even display a disclaimer when the feature is enabled to absolve any responsibility for determined hacks.

One other negative I saw cited was that a casual user using someone else's machine would be pestered by the 'enter master password' dialog multiple times - for that an easy fix is just to ask, on the second or third cancellation of the dialog, 'do you want Chrome to stop asking for the master password for the remainder of this session?'. 


 Issue 50393  has been merged into this issue.
Strange! The feature is really important..Add it please, because i don't want to use the tools like lastpass to store my passwords there

Comment 197 by Deleted ...@, Aug 14 2010

I'm absolutely livid that such a feature hasn't been added already. I would actually appreciate Chrome once this much-needed feature has been implemented.

D.
 Issue 53696  has been merged into this issue.
This is a 2 years old bug report. And no master password yet. Im giving up on Chrome until this is fixed... 

Comment 200 by waw...@gmail.com, Aug 28 2010

I didn't realize it when my issue got merged into this one, but this issue has been closed since October 2009.

I think getting your issue merged into this one is a round about way of squashing your Issue ID.

Comment 201 by Deleted ...@, Sep 5 2010

This still hasn't been fixed!?

Okay, I get the argument. Master passwords aren't perfect. Windows crypto works fine. You shouldn't let other people use your computer while you're logged in. After all, every modern OS has a quick "switch user" or "guest" facility. Only let people borrow your computer if you trust them. Okay, okay, I understand.

It still annoys me, as well as the trusted person who is borrowing my computer, when the other person tries to log into some website and Chrome automatically fills the login form with my username and password. Not annoying in the same way that Firefox is annoying (it displays a dammed modal dialog every time!) but still very annoying.

Comment 202 Deleted

Comment 203 by Deleted ...@, Sep 19 2010

Yea i dont see why there isn't a master password...jsut doesnt make sense, its like keeping your money stored in a un-breakable safe, but with the keys to it right in front of the door...
 Issue 57596  has been merged into this issue.

Comment 205 Deleted

 Issue 47820  has been merged into this issue.
 Issue 57570  has been merged into this issue.
Of course one can always be careful. With this kind of reasoning, I do really not need any encryption technology when I communicate to my bank because they could always give me a piece of paper with a one time pad encryption key that I can keep in my underpants and destroy every time I go to sleep.

Seriously people, security technology is here so that having security is not an inconvenience. I don't want to always worry about whether or not I remembered to lock the screen when I am away from my office computer for 5 minutes. 

At the end of the day, if they wanted to implement this, they would not have merged it with a completely unrelated issue and closed it. This is not gonna happen, so stick to Firefox. Then you can have security without being inconvenienced. 
Since there is no tool for us to see how many of us need this master-password must-have implementation, I have created a blog with one pool regarding explicitly this issue. Please vote pro or contra implementing master password in Chrome.
http://securemybrowser.blogspot.com/
 Issue 59456  has been merged into this issue.
We just need a master password when it is sophisticated enough to provide remote theft protection. For other needs, just remember to lock your computer with a strong password!
@#212 and others...

"You’ve laid out many scenarios in which this might be useful, but the most common is that if your computer were to fall into the wrong hands, that person would then have access to your saved passwords.

While we agree that this situation would be terrible, we believe that a master password would not sufficiently protect you from danger. Someone with physical access to your computer could install a keylogger to steal your passwords or go to the sites where your passwords are stored and get them from the automatically filled-in password fields. A master password required to show saved passwords would not prevent these outcomes."

That is bad reasoning.

The mechanism you use to encrypt my password means only that a person (for example, someone in my company's IT staff,) that can reset my password can gain access to every password I have protected.

True, if someone has physical access to my computer, they can install a key logger and sniff data.  But I think the far greater risk is my laptop falling into the wrong hands and staying their while they take time to do forensic research and recover personal and private data -- not someone sneaking onto my laptop (physical access or not) to sniff my keystrokes.

I would add that to exploit as you described with a keylogger does not require physical access at all.  If someone's system is compromised in this way, then it is compromised regardless.

I would argue, then, that you should add a "non-keystroke" second factor of authentication -- e.g., "select the correct one of several randomly placed images", or "click a numeric PIN" -- things that are not sniffed as easily.

A strong encryption algorithm with a strong passphrase is inarguably the best option available to us -- far better than a simple mechanism that any puke who has access or the ability to change my account password will provide.
+1

A master password may not protect against a keylogger attack specifically. But it does protect against other forms of attack. The keylogger/rootkit approach requires the attacker to leave (detectable) traces of his attempt. His kit might need a connection to a server. Or he might need to come back to retrieve whatever was logged. Furthermore: nosy girlfriends, friends or family and other non-professional hackers with physical access usually don't go as far as to install keyloggers and rootkits. Currently grandma can just view and steal the password without leaving a single trace. 

That's just too easy! 
 Issue 61600  has been merged into this issue.
In case this helps, it seems like you can configure the "Show passwords" button from the registry.
For more information, see this page -
http://dev.chromium.org/administrators/policy-list-3#PasswordManagerAllowShowPasswords
So can an unauthorized person just change this registery settings to see all the passwords on someone elses machine? If so then no, it doesn't help.
@216
It's interesting, but this bug is as much for the average user who has never heard of the registry but still saves password in Chrome, as it is for us.
@213 "But I think the far greater risk is my laptop falling into the wrong hands and staying their while they take time to do forensic research and recover personal and private data"

That would be my main reason for password encryption of passwords as well. The thing is, right now, you don't even have to be a forensic expert, nor you need any knowledge about trojans and keyloggers. You open chrome and write down all the passwords. That is a no go for all mobile devices
 Issue 61768  has been merged into this issue.
Can't this be made pluggable, so that if google doesn't care about casual security, at least others can provide plug in modules that do?


Comment 222 by pam@chromium.org, Nov 6 2010

 Issue 62159  has been merged into this issue.

Comment 223 by Deleted ...@, Dec 20 2010

Agree with everyone. We need a master password!! i've just realised this problem and probably will switch back to firefox if this is not resolved soon
 Issue 68374  has been merged into this issue.

Comment 225 Deleted

Over 2 years and Google does nothing about this glaring security issue. Can this be solved with an extension?
 Issue 70547  has been merged into this issue.
 Issue 72163  has been merged into this issue.

Comment 229 by Deleted ...@, Feb 7 2011

Surely whether Chrome had a master password or not, a keylogger would still collect passwords as they were typed.
However, if Chrome had encrypted passwords, typed them into websites with two-channel auto-type obfuscation (à la KeePass) and required authentication to unlock these passwords then it would be secure enough for most users and anyone who considered this insecure could choose not to use this.
Keylogger or not, this will keep me from using Chrome as my primary browser (and install Fennec on any Android device I buy). Hundreds, if not thousands of users have requested this feature, and Google obstinately refuses to implement a simple security feature.

My kids occasionally use my computer, and I don't want to have to set up user accounts for everybody. Simply closing and reopening my browser should be enough to protect my passwords while allowing a "guest" to use my PC.
 Issue 72270  has been merged into this issue.

Comment 232 Deleted

Comment 233 Deleted

For linux systems that use gnome-keyring or the KDE equivalent you could lock your keyring before leaving your PC. Unfortunately I don't know the equivalent in Windows.

Had to run google chrome with --password-store=gnome to use my keyring.

To lock your gnome-keyring in Ubuntu at least you could either use seahorse or run:

python -c "import gnomekeyring;gnomekeyring.lock_sync('login')"

Another thing to note is that gnome-keyring is locked by default when you lock your screen. Passwords are then encrypted again.

This is enough for me to use chrome even if there is no master password.

Comment 235 by Deleted ...@, Mar 7 2011

There are admins that could sign on to computers at work, so LOCK COMPUTER cannot work for keeping my passwords safe from just a random user.  For 99% of the time, this is a private computer.  But I cannot be 100% sure some admin won't sign on.  Please don't bother responding to this with, well don't store your passwords on your public computer. Lame.
 Issue 75411  has been merged into this issue.

Comment 237 by goo...@tiros.net, Mar 9 2011

An alternative is to use KeePass (Windows). Nice solution, but too complex for many users.

Comment 238 by Deleted ...@, Mar 14 2011

Without this so basic feature Chrome gets a HUGE UNLIKE from me. Going back to Firefox which has this function. I can't believe that Google is so incompetent in this issue. 40 years ago men was on the Moon. I don't think this is rocket science...  
 Issue 76478  has been merged into this issue.
Labels: -DesignDocNeeded bulkmove Action-DesignDocNeeded
Mergedinto: -0
Master password setup is missing where we can authenticate the used to show 
the stored passwords.
The "master password is an illusion of security" excuse is a total cop-out. I don't use a master password to keep malicious hackers that have physical access to my computer out of my stuff, I use it so that my friends and family don't have instant access to all of my websites when I leave my computer unlocked for them to use. I love Chrome, but a master password really should be implemented. I'm sick of having to open Keeppass every time that I need a password.
"master password is an illusion of security", yes but such a feature like "Show password" is ABSOLUTELY awfull!!!
 Issue 76940  has been merged into this issue.
 Issue 75897  has been merged into this issue.

Comment 245 by Deleted ...@, Mar 28 2011

I just set a new user at our company up with Lastpass and for chrome to never offer to save passwords because this feature is not yet implemented on Chrome. I still set them up on Chrome but it would be nice to not have to use Lastpass if possible.

Comment 246 by Deleted ...@, Mar 28 2011

Design doc = Firefox Master password!!!!! Duh. DO IT.

Comment 247 Deleted

How can users wait from Chrome developing team to understand the problems they are facing when they are so bad organized that they have several threads for the same Issue. 
This Master Password Issues is also discuses here (perhaps other threads also.. don't have time to loose with such lack of support team and search for more) http://code.google.com/p/chromium/issues/detail?id=53 with the same "ignoring users" solution from the part of the developing team.
Google is wondering why Android phones and tablets didn't reached the level of professionalism of Apple's products?  
Dear Google please stop playing the act of being open source and open minded and start being an open source and open minded company ( at least on those places you say you are).
Saying that a master password is an illusion of security because there are ways around it is like saying that a lock on a door is an illusion of security because someone can bash down the door with a sledge hammer.  Like a door lock, a master password *does* prevent *some* avenues of attack.  If the password manager encrypts its stored passwords using my master password as a key and my laptop gets stolen, the thief won't be able to get his hands on my passwords without the master password.  That's not an illusion of security; it's an essential safeguard.

Comment 250 by Deleted ...@, May 8 2011

"We understand that many of you want a master password for your saved passwords in Google Chrome.  You’ve laid out many scenarios in which this might be useful, but the most common is that if your computer were to fall into the wrong hands, that person would then have access to your saved passwords.

While we agree that this situation would be terrible, we believe that a master password would not sufficiently protect you from danger. Someone with physical access to your computer could install a keylogger to steal your passwords or go to the sites where your passwords are stored and get them from the automatically filled-in password fields. A master password required to show saved passwords would not prevent these outcomes.

Currently, the best method for protecting your saved passwords is to lock your computer whenever you step away from it, even for a short period of time.  We encrypt your saved passwords on your hard disk. To access these passwords, someone would either need to log in as you or circumvent the encryption.

We know this is a long-standing issue, and we see where you're coming from. Please know that your security is our highest priority, and our decision not to implement the master password feature is based on our belief that it creates a false sense of security instead of actually providing a strong security benefit."
-Google. Its true. A citity wall can be as much protective as it can be a death trap. 

Comment 251 by Deleted ...@, May 17 2011

Ok then. Take this scenario: You use Google chrome at work. All your passwords are nicely synced between work and home. When you leave your job, you hand your laptop/computer back in... "oh, crap. I forgot to uninstall chrome"!!! The next person to log in (admin or whoever) now has access to all your passwords.

Scenario 2: You've got your laptop out for a party. You leave it unlocked so others can select music. One person decides they want to check their Facebook account: fire up chrome, now they're in YOUR Facebook account.

This has been requested by SOOOOOooooooo many people; listen to your users.
I find Google so wonderfully considerate not to add a master password. I hate living in a world with a "false sense of security.”  Beware! Your grocer might be poisoning your apples! Only in college did I realize my insecurities after drinking punch at a party!

You all are fools to ask for such a feature. A toddler once bought a car on eBay. Don't you fear that a toddler might come on your browser and steal your passwords?

Hell, I know a thing or two about getting rid of false illusions, and it seems that Google does too!  When Chrome offers you to save a password, a key icon appears to the left. Everyone knows a key locks a door that any seasoned toddler thief can remove from the hinges! If a key icon doesn't suggest your saved passwords are insecure, I don't know what does.

Google also encourages you to sync these open passwords just like bookmark. Nothing teaches security like the mantra that a password is really just a bookmark.

To further correct your illusions, Chrome doesn't even tell you that your passwords are left completely out in the open. It’s better for you to arrive at the manage passwords page and have Google scare you shitless! That's the only way you all will learn a thing or two about security. 

To all you haters: Keep loving Firefox until a pack of ninjas breaks into your house, works around your firmware password, breaks through your master password, and steals your Facebook account.  Join along with me in using Chrome, or you'll learn the hard way.

I've got a suggestion to make. (You can’t only praise Google in a post! Lol!) Please get rid of those stars and dots that mask passwords for the remember passwords feature. People might learn a bit faster.
Master Password feature is very important... many times this happens that  relatives or friends are visiting & wanna check a quick email... in the meantime, one has to fetch some food Or stuff for guests... here u go, ur passwords are a public property now& even before u can recall this flaw in chrome. Google's concern for privacy of users becomes doubtful. Master password feature is a MUST...

For keyloggers & hackers antivirus programs are there... & the usual reply given here that they can still hack in is outright hilarious... Like ya, if u take all necessary precautionary measures you will still die one day ... oh come on google I like chrome, plz don't make me switch.
More than half of the interested users of Chrome are asking for this feature. Implement it at par with Firefox or IE. At home, most of us share computers, many with a single login. Or parents sharing their user account with children. This is the nature of Windows and it's casual usage for browsing, similar to iPad browsing. Those of use would like to have Chrome store passwords are appalled by Personal Stuff, and the SHOW option. Once you hit Personal Stuff, and before SHOW, you should be prompted for master password, similar path as Firefox. Or with IE, it stores them and not ever viewable in clear text, simple encryption within flat db, and overwritten if change in login. Simple. Done. Please change this Google.

Comment 255 by Deleted ...@, Sep 1 2011

I can't believe this issue hasn't been addressed.  Seriously?  How in the WORLD does Google think it's fine to leave people's save passwords unsecured in a browser?  Any person with access to the computer can open Chrome and easily view every single password a person has stored in Chrome.  This is IDIOTIC.  What the hell, Google?
this will be less severe when/if  bug 92117  will be fixed and profiles will be alive

Comment 257 by Deleted ...@, Sep 5 2011

The one I have been using with firefox is perfect, type in Master pwd once per session to unlock. Locks down when I close browser, if I leave the browser unattended and unlocked well that's my problem/fault. 

It is unbelievable this feature is not added to Chrome. I have held off making Chrome my browser of choice, recently deciding to convert permanently then I find this obstacle. 
Everything else I love but because of this one issue I am staying with firefox, I am prepared to go without all the Chrome goodness to be able master lock my passwords.
Concur with many comments here - esp. 257. I'm looking to switch from FFOX due to performance issues but, it has an easy-to-use (and I presume secure) method of securing saved passwords. If Chrome doesn't have it, the security risk is too high for me and I'm left with no choice but FFOX or, find some app that stores PC-wide passwords securely.

Comment 259 by Deleted ...@, Oct 23 2011

Let me just add to the (seemingly) ignored issue. And this is the same analogy previously mentioned in another comment.

The argument against this feature says that it's just "security through obscurity" since a user with physical access can circumvent the security. So does this mean I shouldn't bother storing my important belongings in a safe at home since my friends have physical access to it in my house? So I should just leave important belongings and thousands in cash out in the open because well, "their in my house and trusted". Lol. Does this mean I should put my private belongings on my living table for everyone to see since they could find it anyway in my bedroom? Should I not lock my car since a person has physical access to the windows? Does this mean I shouldn't encrypt sensitive data since a user with access to my machine can find it? Does this mean I shouldn't password protect my machine at work being that my co-workers have physical access to it and it's not secure anyway?

Additional layers of security that are possibly crackable with physical access does NOT mean that security is "security through obscurity" and I'm surprised google (of all people) defined it this way. They are just additional measures of security (crackable or not) and most if not all things are crackable but that doesn't mean that I shouldn't have more security added wherever possible.

I mean... c'mon google... YOU'RE STORING MY PASSWORDS IN PLAIN TEXT. Isn't that like security 101?

Comment 260 Deleted

Comment 261 by Deleted ...@, Oct 26 2011

ROFL, can't belive this is still not implemented for 2 years?... whats the reason and where is a statement of the dev team about this.

sorry i have not the time for a long comment, as i have now to switch back to FF...

I just want to have a strong master password for the session, so i can save my not so strong forum passwords here in the browser.. thats no kind ob obscurity!

may be it has to be don by public private key? as the algorithm would be open source but i would had no problem with that... 
 Issue 102267  has been merged into this issue.
those silly google android/skype guys should have been told that it is completely ok to store unencrypted user data and they should store password in that way as well :-)
Once you have malicious app on your pc/phone, encrypting is useless,
if you don't have malicious app you don't need encrypting. q.e.d.
 

http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/


What about a malicious *person*?  IE, someone steals your laptop.  If the passwords are encrypted, they're in no immediate danger of being compromised.  If they're unencrypted, you better hope you can race to another computer and change them before the thief has a chance to exploit them.

Comment 265 by Deleted ...@, Nov 23 2011

Absolutely rite
I just now realized that Chrome lacks a master password feature, and as such, I will be deleting it from all of my workstations and uninstalling it until such time as Google sees fit to listen to the users.

The fact is that computers are subject to casual use by friends and family, and I have no desire for my wife or friends to be able to see my passwords in plain text with two clicks of a mouse.  Call it a "false sense of security" and mock if you will, but Chrome is out. 

Comment 267 by Deleted ...@, Nov 29 2011

Use Lastpass brah, no need to sweat over stubborn devs. Chrome has other features that makes it superior I guess. B)
Since 2008? Wow. What's wrong with Google? I thought these guys were the cream of the country. First of all, you can't deny access to everyone. A friend comes over and wants to use facebook, you can't deny him nor can you watch him all the time. He can easily just go to settings and sneak a peak jst for fun. Agreed he could install a keylogger, but few people are that techsavvy. Sneaking a peak at Chrome's settings is something few people can do. Not to mention the antivirus scanners which make it hard to install keyloggers. A peak at chrome setting, however is no big deal. i find google's keylogger excuse really lame. How many average net users know about them? How many can actually sneakily install them? How many can get past A/Vs and install them. When a malicious bugger has access to your PC, it sucks, he can do a lot of damage. but with Chrome, your average Tom Dick or Harry can be a net terrorist with 4 easy clicks!


I can't believe that the "portable" issue hasn't been raised more frequently.

A master password is MOST important when Chrome/Chromium is stored on a USB Pen drive that is formatted FAT32 (with no encryption), and is shared between (many) computers.

The whole point of having a Portable Browser is so that you don't have to trust Cyber Cafe computers.  It is MUCH more useful if it also stores (encrypted) your passwords for each website.  This SOLVES the KeyLogger problem, since a keylogger on such an untrusted computer would NOT be able to intercept you typing your password... the password would be inserted by Chrome.  Maybe such a Keylogger could intercept your MASTER password, but that wouldn't compromise anything, provided that it is different from your website passwords.

 Issue 112621  has been merged into this issue.

Comment 271 Deleted

As this issue is open for so long and nothing ever happens, I very strongly believe that there is a purpose behind this. Keeping the stored passwords easily available for any person who is interested in using them for malicious purposes must fulfill some political goal for Google,
 
Maybe Google is trying to keep people from using too many different sites, so they will ultimately concentrate on a single sign-on at google+? And stop using others because of the security risk?

Uh.... you mean it's been *CLOSED* for so long.  The bug was dup'ed away and closed
in Comment 104.  See the status info: bug Closed since Oct 2009.
Google's refusing to add the Master Password for the browser's stored passwords is simply telling the userbase that Google doesn't listen to feature requests. Not everyone is going to install Chrome/Chromium in the user's personal folder (I use the "portable" ZIP file version, with a shortcut to put the profile folder in /chrome/profile, for example).

Not sure if I want to *ever* use Chrome again, after listening to 300+ users get ignored.
Why Google haven't add this function in the update today. At least put identify person's security question. Or all the saved password will be easily leaked to anybody. Please do that. By the way, does Firefox has that function?
Why Google haven't add this function in the update today. At least put identify person's security question. Or all the saved password will be easily leaked to anybody. Please do that. By the way, does Firefox has that function?
Why Google haven't add this function in the update today. At least put identify person's security question. Or all the saved password will be easily leaked to anybody. Please do that. By the way, does Firefox has that function?
 Issue 116209  has been merged into this issue.

Comment 279 by Deleted ...@, Feb 29 2012

Opera can even set a master password.
I like chrome it comes in very handy but I just noticed that it can even save your credit card info for you... do I really need to add to all that has been said over the past years?!?!?!?! How can we get this problem opened again?
@teachservices.com: I also (used to) use Chrome portable, and the lack of a master password makes it utterly insecure, so I didn't let it ever save password... what a waste!

If you want to hear of 300+ MORE users ignored by Chrome devteam, take a look at the Vertical Side Tabs issue, and how they took away a wonderful feature with a short, two sentence reply including a bold-faced lie (that they didn't work... 100's of people used them DESPITE the fact that you had to jump through hoops to turn them on):

http://code.google.com/p/chromium/issues/detail?id=99332

" Issue 116209  has been merged into this issue."

With people continually asking for this feature, maybe this is a FEATURE YOU SHOULD IMPLEMENT???
This issue indicates closed Oct 2009. If the issue was resolved, then what was the resolution? Comments from that month indicate devs would reexamine the issue.

4 clicks continues to display all passwords in plain text. The official Chrome help page has no mention of this issue.

Comment 283 by Deleted ...@, Mar 28 2012

So many people talking about a false sense of security when using a master password. 

But there is only one FACT:
Using a master password requires MORE effort to get the passwords than not using a master password.

EXAMPLE:
If someone has access to your harddisk:
Using a master password requires him/her to actively try to decrypt the password store. 
Chrome says the password is encrypted too, but because I am not required to type in a master password, the master password must also exit on the same harddisk, so getting the passwords is a lot more easy, maybe there is already a tool out there, which gets the password on one click.

I just 2 days ago switched from firefox to chrome. I read that Google hired some main firefox developers who wrote big parts on chrome in the first days. That convinced me a bit. But now I am disappointed again, and think I will stick to firefox.

Bye Chrome.

Comment 284 by Deleted ...@, Apr 4 2012

Wow I cannot believe how long this has been a crucial issue. 
Labels: -Area-BrowserUI -Mstone-X -bulkmove -Action-DesignDocNeeded Area-UI Feature-Passwords
Mergedinto: 53
While I would love to replace firefox with chrome - firefox gets slower with every new release - the very fact that chrome does not yet have a master password, after several years of this feature request, is utterly pathetic! Without this feature I can't even consider using chrome instead of firefox for anything other than basic browsing.

Such a simple feature request - yet google still refuses to implement it... bizarre.

Comment 287 by Deleted ...@, Jul 17 2012

Was considering to replace Firefox with Chrome. When i found out this option is missing, i stopped using chrome. My Computer is running all day long and when im on toilet or something, everyone could read all my passwords within seconds...

I'll Try Chrome again when this feature is implemented.
Since I just found out my passwords are lying around unencrypted for everyone to read and prepended with the kind notice '[password]' in front of them in 'Login Data' (#138147) and since there is no way to set a Master password I'm immediately stop using Chromium.

It's ridiculous that such ultra important features like a simple master password which are demanded since #53 won't be implemented. Now we have issues with 6-digit-number-monsters and no master password option in sight.

Google seems to have a quiet strange sense of humour, but I don't find it funny...
I am adding my bid to this even more.
I had a computer at work I synced up and when I left failed to wipe properly. If it wasn't for the fact that the people I knew there were kind I would have risked having a bad person just a few clicks away from EVERY SINGLE PASSWORD I have stored for easy use on online services.

What I find pathetic is that you are willing to encrypt data sent over the internet but you are not willing to add a simple password to prevent even just simple prying eye from looking at my passwords. Store the password in a simple encryption for all I care, if you add a password which stops the prying eyes of my parents, brother and friends then I am fine.
This reply is about 4-years old, however reason I'm addressing it is that this issue is *STILL NOT* fixed. 
******************
Comment 25 by aba...@chromium.org, Nov 30, 2008
I'm confirming this issue as there is indeed no master password.

jspeavey, would you consider this issue addressed if there was a master password in 
the browser UI but someone could circumvent the master password by using sqlite on 
the command line to look at the password store directly?
****************************

Also to answer your question in both a consumer and corporate environment, it's highly unlikely your "average" user would know this vulnerability (ie. why not AT LEAST release a master password--THE VERY LEAST--it's an "annoyance" they have to deal with and might choose to monkey with someone else's machine. 

Also, understand your Customer. 
1st-Consumer/home User--mainly uses that as a tool as not to remember dozens of PW's (I'm hoping for at least the Consumer that doesn't use same PW for all). 
A "Master Password"-allows for the inability for other home users of a shared computer to access important information 

Examples include the parents that use Online Banking to something as simple as Ebay or Amazon--the "kids" can't monkey around with those accounts. 

As for a "Corporate" user (again)--we're talking your average User (would not know this vulnerability). *AND* someone who is highly technical, again master password at least slows down-"frustrates" their efforts to break in. 

The idea you say "well there's a back door vulnerability" is ridiculously insane.  

For a real world Example---People *DO NOT* install home Security systems to keep a burglar "OUT" (a burglar wants in, he'll figure out how to get in)---The idea is to "frustrate" their efforts *AND*--when in your home--only allow minimal time before the Police arrive. *NOTHING* in the world is 100% (even 95% fail safe). 

The "goal" should be to slow down/frustrate the efforts of those (most common) users who would want to snoop. 

I mean, if the CIA/FBI/NSA can be cracked/hacked---I hardly expect Chrome to have 448-Blowfish type Encryption. A nice 128-bit 'simple" solution *FOR NOW* is desperately needed. 

Again, this baffles me why the "reluctance"/push back to have a Master Password
I mean, I"m currently on 21.0.1180.77 beta-m (and updating as we speak)---VERSION 21!!!!!!! with no Master Password?????? Are you KIDDING ME?

********************************
And, for another thread, but the Password field is broken now anyway--seems to be a "known issue"--but when you try to open it, takes SEVERAL MINUTES to open. (mine about 5-to populate the data). --Which by the way, most of mine are lost--thankfully have hard copy/encrypted backups. 




This bug needs to be OPENED - it's not a SECURITY bug it's a PRIVACY bug.

I want to switch from FF, but I believe that the Chrome devs are secretly fans of Firefox, and I cannot begin to use Chrome/Chromium until this privacy bug is fixed.

If I should be posting it a different thread please please let all of us know.
Project Member

Comment 292 by bugdroid1@chromium.org, Oct 14 2012

Labels: Restrict-AddIssueComment-Commit
Mergedinto: chromium:53
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member

Comment 293 by bugdroid1@chromium.org, Mar 11 2013

Labels: -Area-UI -Feature-Passwords Cr-UI-Browser-Passwords Cr-UI
Showing comments 194 - 293 of 293 Older

Sign in to add a comment