[interpol_p]

And you have completely missed the point here.

It requires a stronger level of intent for someone to dump my Keychain passwords than it does for someone to browse my Chrome passwords.

This concerns me. I have friends that I would not trust around my computer now because I know that going to chrome://settings/passwords is too tempting for them. But I trust them not to maliciously or actively attempt to subvert the security on my computer.

[hellerbarde]

And you missed the point also. Lock your computer when you're not at it. Like any responsible user. Problem solved.

It's not hard to understand where the boundaries are. Also, it's actually up to Apple to fix the broken thing, not Chrome. There should be a settings in the preferences of the keychain to require a password even if it's been unlocked before (or however that works. I don't Mac)

[interpol_p]

Three points:

1. I do not lock my computer when my friend comes along to debug code on it. I do not lock my computer when I pass it to a friend at home so he can look something up. With Safari's password storage, I have a reasonable expectation that my passwords will not be viewed in the 30 seconds or so that I let people use my computer.

2. Keychain is not broken. Safari requires your Keychain password every time you wish to unmask a password. Chrome could easily do this too.

3. Chrome lowers the barrier-to-access for passwords. It reduces the amount of intent required. I would feel less bad going up to a friend's computer and browsing their Chrome passwords than, say, allowing Chrome to auto-fill a password on their computer and running a script to modify the DOM elements to reveal it. The latter is a more serious breach of trust, implies stronger malicious intent, and is more traceable.

Chrome would be better if it implemented this. I have yet to hear how this will make Chrome worse in any way. Why do you not want Chrome to be better?