You will have to do that for each site you want passwords for, after they have been autofilled (whereas Chrome gives you a convenient list of all saved passwords). It is also a far more technical method than most people are comfortable with. Slower and more difficult, thus less likely to happen casually.
There is also a significant difference in feeling between the two methods. Your suggestion requires far more intent than visiting the settings page. This is important.
We are not talking about defending yourself from a malicious attacker, we are talking about the moments when you pass your computer to a friend so they can look something up. They can now look up your passwords conveniently and without feeling too bad about it.
Exactly. Comparing that javascript with the Chrome situation is just ridiculous. It seems people here are too narrow-minded to understand that even my mother could get a list of all the passwords stored in a computer in 10 seconds.
"Even my mother"? So what? Both Firefox and Chrome are, when left on an unlocked user account, completely exposed to the scariest classes of attackers. But Firefox has taken a cosmetic step to minimize its exposure to the least scary class of attackers. Why bother?
Because the 'least scary class of attackers' represent the vast majority of potential attackers. This feature makes it trivial for a user error (not locking your desktop) to leave your passwords immediately visible to anyone that walks by.
Yes, this is cosmetic and anyone with sufficient technical knowledge can still get the passwords without the chrome:settings page, but this feature widens the pool of capable attackers to absolutely everyone.
Degree of difficulty matters. The technical ability of the attacker matters.
With this feature, it's trivial for absolutely anyone to steal my secrets in seconds.
Without this feature, the time-to-compromise goes up, as does the technical knowledge required. The degree-of-difficulty (which, yes, is still low), goes up.
It is cosmetic, but INTERFACE MATTERS. If you don't want people doing something, don't have a feature that makes it trivially easy.
Hell, if chrome devs really aren't going to do anything at all about this, then a better solution here would be to bring the button to the FRONT of the interface. 'View All Passwords', right beside the 'back' button, navigates you to a raw txt file of websites and passwords. Then, at least, there would be no excuse, no naive assumption that chrome is doing SOMETHING to protect your passwords.
Leaving your machine unlocked for 30 seconds versus 5 minutes is a big difference to some people. Chrome makes password access within the former time limit a more distinct possibility.
Having someone able to casually browse your passwords versus intending to attack your system and breach your trust to get them is a big difference.
Can you not see that Chrome lowers social and emotional barriers to password access by presenting them in this form? That is the concern here.
Your mother knows about chrome:// URLs? Most mundane/non-technical people I know don't know about URLs at all? My mother still types "www.facebook.com" into the Google search bar on google.com.
There is also a significant difference in feeling between the two methods. Your suggestion requires far more intent than visiting the settings page. This is important.
We are not talking about defending yourself from a malicious attacker, we are talking about the moments when you pass your computer to a friend so they can look something up. They can now look up your passwords conveniently and without feeling too bad about it.