Please re-authenticate OS account before syncing local data for the first time |
||||
Issue descriptionUsers who aren't paying attention may loan their computer to a friend who wants to log in to chrome and then have all their local passwords synced to their friends account. If the chrome account is local, and has never been synced to a Google account, and has locally saved information, especially passwords, it would be sensible to ask them to reauthenticate as the OS user (who owns the local data) before uploading it. This will be a minor and understandable friction to users who are intending to sync since it will only happen the first time per computer. We can even skip it if they have no local data. I think on linux the pam_authenticate API would do this. I don't know the alternatives on Mac and Windows. Here is an example story: https://productforums.google.com/forum/#!topic/chrome/x3xQjWkxryk
,
Sep 6
,
Oct 9
Thanks for filing the issue. As per comment#0, it seems to be a feature request, hence marking it as untriaged and requesting dev team to look into it. Thanks.!
,
Oct 30
I think this is a good idea. Another related story: bug 897499. Adding some more folks who might have thoughts about this.
,
Oct 30
Some more thoughts/caveats around this: We'd probably only want to do this if there are locally-saved passwords. We already do a similar OS-account-reauth if you want to look at the stored passwords in chrome://settings. Also, while this should help prevent *accidentally* copying someone else's passwords, it wouldn't actually be a security barrier (but might give that impression to the user...) |
||||
►
Sign in to add a comment |
||||
Comment 1 by phanindra.mandapaka@chromium.org
, Sep 5