|
|
|
|
|
|
by iainmerrick
237 days ago
|
|
|
You’re right, of course, but this reminds me of when Chrome didn’t obscure your passwords when looking at its autofill settings. The developers argued that it would just be security by obscurity -- if somebody has access to your computer when it’s unlocked, they can do anything they want, so obscuring your passwords does nothing. The counter-argument is, even if it’s not perfectly secure, that extra bit of friction before you can see the passwords is useful, and may just save your bacon if a casual thief has access to your computer for a few seconds. The Chrome team eventually saw sense and added some client-side password protection. As long as you don’t only have client-side protections, of course (and maybe your clueless auditors were making that mistake). |
|
|