by astalwick 4695 days ago
Degree of difficulty matters. The technical ability of the attacker matters.

With this feature, it's trivial for absolutely anyone to steal my secrets in seconds.

Without this feature, the time-to-compromise goes up, as does the technical knowledge required. The degree-of-difficulty (which, yes, is still low), goes up.

It is cosmetic, but INTERFACE MATTERS. If you don't want people doing something, don't have a feature that makes it trivially easy.

Hell, if chrome devs really aren't going to do anything at all about this, then a better solution here would be to bring the button to the FRONT of the interface. 'View All Passwords', right beside the 'back' button, navigates you to a raw txt file of websites and passwords. Then, at least, there would be no excuse, no naive assumption that chrome is doing SOMETHING to protect your passwords.

Yes, degree of difficulty matters. We don't disagree on that. It's the fundamental rule of security.

What we disagree on is the specific degree in this case. You think it's significant. I know it's not. Chrome's security design is denominated in thousands of dollars. This is a penny feature, and one with potential liabilities; it could cost more than it benefits.

With the feature, I can explain to my mom, my girlfriend, my sister how to steal passwords from any chrome browser. In a way that they will remember and be able to repeat tomorrow.

Without it, I can't.

That matters.

> I am not interested in security features that work only against my mom, and you shouldn't be interested in them either.

So, but, really: I am interested, as are a lot of other people. Hence the gnashing of teeth.

I'm not thrilled by the security community's black-and-white stance that if it can't stop a defcon attendee, then it's not real security and it's not worth doing.

If my mom can be stopped, and it's simple to stop her, then I really don't get the resistance. 'False sense of security'? Yeah, that ship has already sailed. That's why the Guardian is writing articles like this - people are surprised to learn HOW trivial it is to steal passwords in chrome.

> You make it sound like that stance is elitist, but it's the opposite: it's our knowledge of how easy it is to get the level of "Defcon Attendee" that motivates us not to implement cosmetic security features.

But it's not. Not THAT easy. I'm a developer, with a fair bit of experience, and I'm nowhere near the average defcon attendee. (Unless I'm badly overestimating their abilities.)

My mom? She asked a shop owner, two days ago, 'do you have a, uh, online thing? You know, with the pictures?'

And yet, "Mom, experiment: type 'chrome://settings/passwords' in my browser and see how many passwords you can steal in 60 seconds".

Can you please explain the potential liabilities for making Chrome work the same way Safari does when attempting to reveal passwords? (I.e., ask for the Keychain password before unmasking.)

To me this would be a great solution and would improve Chrome's user experience. I am unsure why there is such a strong argument against this.