When signout of chrome all saved passwords and form fields remain
Reported by
hansonj...@gmail.com,
Sep 18 2017
|
||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Steps to reproduce the problem: 1. Sign into a fresh installation of Chrome 2. Wait for settings and passwords to be imported 3. Sign out. Passwords remain cached in browser, wtf. What is the expected behavior? If i sign out I expect my personal details and passwords to be removed from the browser What went wrong? After sigining out of Chrome my passwords and form fields remain saved in the browser. I'm using a public PC and now anyone can access my email, facebook etc. wtf is going on? If I explicitly signout of the browser I expect by cached passwords to be removed. Did this work before? N/A Chrome version: 60.0.3112.113 Channel: n/a OS Version: 10.0 Flash Version: If this is by design I think it needs urgent review.
,
Sep 18 2017
Thank you for this elawre, you're right, checking this option does work after I signed back in then out again checking the box. The process of removing passwords from settings only allows you to remove them individually and would have been most laborious. I think that the expected behavior here would be for Chrome to check that option as default. I hope that Google look at this in future, as I am sure many people are getting caught out by this when using public machines.
,
Sep 18 2017
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 19 2017
#3: Thanks, I'm dropping the security label.
,
Sep 19 2017
To the original requester, other ways to remove all your passwords Settings -> Advanced -> Clear browsing data -> leave passwords checked -> CLEAR BROWSING DATA button or Settings -> Manage other people -> Three dots in upper right corner of icon for the given profile -> Remove this person To your point about defaulting to clear vs keep, +ewald who did some thinking about this semi-recently on mobile. Have we considered clearing local data on desktop by default in certain cases? What if everything is synced? What if you signed in for the first time more recently than n hours ago? Or other shared device signals.
,
Sep 21 2017
hansonj445@ as per comment #3 should we close this issue? Thank You...
,
Sep 21 2017
First, you should never sign in to Chrome on a public or untrusted machine. We state as much in our help center article (https://support.google.com/chrome/answer/185277). Public machines are inherently unsafe, so syncing all of your passwords to the machine is unadvised. If you need to access your passwords on a public machine, I recommend using passwords.google.com. The default behavior is WAI. Most users that sign out of Chrome are doing so on their own computer, and it would be unexpected/confusing to delete their profile just because they want to turn off sync. This will be improved/made more clear when project Dice launches, as the button will be renamed from "Sign out of Chrome" to "Turn off sync." Last thing I'll note is that we've investigated implementing smarter heuristics for shared profiles in the past (Sky, you remember that work well I'm sure!) We had opened Issue 640397, but it never got prioritized. Once we've rolled out project Dice, we may want to revisit shared profiles to see whether we can improve upon these types of scenarios.
,
Nov 8 2017
Issue 780574 has been merged into this issue.
,
Nov 28 2017
Issue 789046 has been merged into this issue. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by elawrence@chromium.org
, Sep 18 2017