New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 859741 link

Starred by 2 users
Status: WontFix
Owner:
privard@chromium.org
Closed: Dec 20
Cc:
vamshi.kommuri@chromium.org
privard@chromium.org
jayhlee@chromium.org
dpa...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Feature



Sign in to add a comment

Chrome FR: Enable an option to prevent users from seeing saved passwords in Chrome settings

Project Member Reported by cristob...@google.com, Jul 3 
Summary: Customer would like to have an option to prevent users from seeing saved passwords when they go to Settings > Advanced > Manage passwords. Disabling password manager is already an option but this doesn't hide previously saved passwords.


Use case / Motivation: Due to internal security policies on customer's company, end users are not allowed to know the passwords for the services they use. Only administrators have access to passwords and they configure them for every user. However, this can't be achieved because passwords need to be stored in Chrome and users are able to see them.


Existing workarounds: No workaround available. Customer has attempted blacklisting "chrome://settings/passwords" but this doesn't block access to the page when accessing manually.


Case#: 16226104

Comment 1 by ajha@chromium.org, Jul 3

Components: UI>Settings Enterprise

Comment 2 by vamshi.kommuri@chromium.org, Jul 4

Cc: vamshi.kommuri@chromium.org
Labels: -Pri-3 Triaged-ET M-69 Needs-Milestone Target-69 FoundIn-69 OS-Linux OS-Mac OS-Windows Pri-2
Status: Untriaged (was: Unconfirmed)
Thanks for filing the issue!

As per comment#0 it is understood that the issue seems to be a feature request, hence marking it as Untriaged and requesting someone from Devteam to have a look into this.

Comment 3 by rsorokin@chromium.org, Jul 4

Components: UI>Browser>Passwords

Comment 4 by battre@chromium.org, Jul 4

Cc: privard@chromium.org
Please note that there is no way to protect the password that is on the users' computer.

1) The easiest workaround is to right click on a filled password field, click inspect, change the type in <input type="password"> to "text" and see the password.
2) The next step would be to copy this into the URL bar: javascript:alert(document.querySelectorAll("[type='password']")[0].value)
3) The next step would be to install a program that reads and decrypts the password database.

Can you share this and ask whether they really want this? It is so easy to work around.

+privard to triage whether the enterprise team wants to build this. I think that you don't need input from our team.

Comment 5 by rsorokin@chromium.org, Jul 5

Labels: Needs-Feedback

Comment 6 by vasi...@chromium.org, Jul 16

Owner: privard@chromium.org
Status: Assigned (was: Untriaged)

Comment 7 by privard@chromium.org, Dec 20

Status: WontFix (was: Assigned)
As per #c4, this isn't an FR that we can effectively implement, it's just too easy for users to get the passwords once they're filled.

Sign in to add a comment