![]() It shouldn't be particularly difficult inĪ technical sense. It is a bit hard to understand why the Chrome developers are so unwilling Installing a keylogger and a "friend" who thinks it would be funny to There is certainly aīig difference between a sophisticated hacker willing to risk jail time by That doesn't mean it provides no protection. Overestimates the amount of protection that a master password provides, but Sites, like banks and brokerages, have startedĭisallowing credential storage-a master password protecting them Given the sensitivity of stored passwords-though many sensitive web Semi-untrusted users to jump on and do a quick Google-or check Gmail. "Software Security Device"), which will allow With Firefox, one can start a newīrowser and not provide the master password (or just log out of the Someone to use your open browser session-or even to start a new oneįor them to use. Essentially,īecause of the way Chrome is implemented, there is no secure way to allow To Chrome developer Peter Kasting is to " lock your desktop (it's two keys!) or closeĬhrome" if you don't trust those with physical access. ![]() What may escape notice is someone using theīrowser interface in fairly standard ways-to look at stored passwords Might very well notice someone installing a keylogger or running some kind Those uses are typically short in durationĪnd are "semi-supervised" in the sense that the owner is often around and True that many people allow their computer to be used by others to do a It is certainly true that anyone who gets physical access to your machineĬan do an amazing amount of harm to it if they want to. Since theĭata is encrypted on Windows, the picture there is a little murkier. Ways to get that access aren't very hard to envision. Is a security hole it definitely requires access to the data,Įither on the machine itself or elsewhere-like a network share or backup of the homeĭirectory. Leaving an unencrypted version of all stored passwords on the disk In a blog posting, it is trivial to extract the credentials stored byįiled against Chrome in September 2008 requests adding a master password,Īnd, while it has seen many comments, it has also seen little action on the Using the user's session information-but only on Windows-for Without a master password, Firefox stores credential information The credential storage before the browser can auto-fill login forms. The master password is required to unlock (really decrypt) (username and password) for accessing web sites that are stored by The idea behind a master password is to protect the credentials ![]() Provide an illusion of security, but that is an oversimplification. Google's position seems to be that master passwords only The point of saying that they won't use the browser until it is Some time, but Google's Chrome browser does not, nor does it seem to haveĪny kind of priority to be added. Master passwords for browsers provide a measure of security against someĬommon, if weak, attack vectors.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |