by pb2au 4179 days ago
The argument that I recall for Chrome not having an optional master password was that it was often less secure than using the system's encrypted data store for their account, if available.

Requiring a master password to decrypt the network passwords is a perfectly fine idea if you want to maintain portability and reduce the chance that your network passwords are accidentally exposed. An attacker has to both have the password file and either figure out the master password or have code execution privileges on the user's account to gain the network passwords. This is more secure than trying to ensure the password file doesn't get "misplaced" (e.g. on an unencrypted drive, in unencrypted backups, unintentionally through a fileserver, etc.).