[danielweber]

I've talked to my less-technical relatives who use browsers, and they've all known that saving passwords means that someone who gets access to their computer means they get access to their accounts and/or passwords.

Not everything is black magic and dark arts.

[interpol_p]

I showed two developer friends at work today the ease at which I could recover their Chrome passwords. They were both surprised that they were clearly visible on the settings page.

Both have since stopped storing passwords in Chrome.

Both developers expected their Keychain password to be needed before unmasking their stored passwords. It shocked them that this was not the case.

A better fix for this would be to require the Keychain password before showing all passwords. There is no harm in doing this.