[Jetroid]

A very interesting article, and it highlights an attack vector that I wasn't aware of. So, thanks for publishing!

One thing the article lacks - it talks about (and even recommends) being able to pick a different passphrase, but offers no guidance for how someone might go about doing that.

I looked, but couldn't see anything. Not in Chrome, not in passwords.google.com, not in Android.

[ndeast]

You can set a sync passphrase in chrome://settings/syncSetup under Encryption Options.

[snazz]

I intentionally don't have a sync passphrase set because I'm guessing that it makes passwords.google.com unusable. Is that true?

[ndeast]

Yeah setting a passphrase kills the online password manager.

I have long since switched to using 1Password for everything, but it was seeing passwords.google.com for the first time that freaked me out enough to switch to a passphrase.