[dragonwriter]

> Chrome should ask for the master Keychain password when you attempt to unmask a password. It does not do this, and it could easily do this (like Safari does).

Well, except that you can just dump the passwords from Keychain without the master password.

https://news.ycombinator.com/item?id=4518873

[interpol_p]

But that is completely missing the point relating to intent.

Browsing the Chrome's password page requires far less malicious intent than finding/writing a script to dump someone's keychain passwords.

That's the main issue for me with Chrome. I know people that I wouldn't trust not to navigate to chrome://settings/passwords, yet I would trust them not to actively attempt to defeat my computer's security (no matter how feeble).

Chrome makes it easier to breach trust. A bad design.

[dragonwriter]

> But that is completely missing the point relating to intent.

Well, yeah, I'm certainly not seeing any point there.

> Browsing the Chrome's password page requires far less malicious intent than finding/writing a script to dump someone's keychain passwords.

No, it doesn't. It might require somewhat more effort, but it doesn't require any different amount of intent.

> I know people that I wouldn't trust not to navigate to chrome://settings/passwords, yet I would trust them not to actively attempt to defeat my computer's security

Intentionally navigating to chrome://settings/passwords is no less an active attempt to defeat security than doing a command line dump of the keychain passwords is.

> Chrome makes it easier to breach trust.

Its trivially easy to breach trust in about a million different ways if you are given unsupervised accessed to an unlocked OS user account with sensitive information attached to it. Chrome does not make any significant difference to that.

[interpol_p]

So you are defending the design of this system, even though it has a lower barrier-to-access than the alternative (as implemented by Safari).

> Intentionally navigating to chrome://settings/passwords is no less an active attempt to defeat security than doing a command line dump of the keychain passwords is.

I know people who would navigate to chrome://settings/passwords right in front of me as a way to annoy me — to force me to change my passwords. Their intent would be to annoy and not to attack. The fact is that you need less motivation, and less intent, to go to the password page than to deploy a script / modify the DOM / do any number of other things to get a user's passwords.

Navigating to that page is less of an active attempt to defeat security. Hell, even I feel like it's something I would try on someone's machine when I would never even consider breaching security in another way.

> Its trivially easy to breach trust in about a million different ways if you are given unsupervised accessed to an unlocked OS user account with sensitive information attached to it. Chrome does not make any significant difference to that.

I consider the difference to be significant. I want Chrome to improve its design in this area.

Either securing this page or informing the user that their passwords are readable would be a better design than what is currently implemented. Are you arguing this is not the case?

Just because you can do it a million other ways does not mean you should be fine with this way of accessing a user's private data.