Manage passwords in Chromium --> security risk?
Clash Royale CLAN TAG#URR8PPP up vote
6
down vote
favorite
I realized that in Chromium (and also Chrome) for Linux it is possible to see all saved passwords in clear text. That seems a bit strange to me... after a short research I found out that
- it is not like that in the Windows edition of Chrome where you need your Windows password to see your saved passwords in clear text.
- in Firefox you need a master password to see your saved passwords.
Soo, my questions are the following ones:
- If nobody else but me has physical access to my PC, it is a security risk not to have a master password for my saved passwords in Chromium?
- Why does Google not implement that same feature for Linux while it exists for Windows???
- How save is it in general to save my passwords in Chromium?
- I set a synchronisation password in Chromium. Does that mean that my passwords are saved on a google server in ENCRYPTED form so that not even google can read them, even if they wanted? I mean, do they have a key for it in this case?
I am curious for your answers!
Best
Thomas
google-chrome password security encryption chromium
asked Oct 21 '15 at 22:26
Thomas F
414
add a comment |Â
up vote
6
down vote
favorite
I realized that in Chromium (and also Chrome) for Linux it is possible to see all saved passwords in clear text. That seems a bit strange to me... after a short research I found out that
- it is not like that in the Windows edition of Chrome where you need your Windows password to see your saved passwords in clear text.
- in Firefox you need a master password to see your saved passwords.
Soo, my questions are the following ones:
- If nobody else but me has physical access to my PC, it is a security risk not to have a master password for my saved passwords in Chromium?
- Why does Google not implement that same feature for Linux while it exists for Windows???
- How save is it in general to save my passwords in Chromium?
- I set a synchronisation password in Chromium. Does that mean that my passwords are saved on a google server in ENCRYPTED form so that not even google can read them, even if they wanted? I mean, do they have a key for it in this case?
I am curious for your answers!
Best
Thomas
google-chrome password security encryption chromium
asked Oct 21 '15 at 22:26
Thomas F
414
You have a master password for Chromium passwords. It is the keyring password.
– Pilot6
Oct 21 '15 at 22:30
1
Not really! I am using Lubuntu with autologin, and I am never asked for any keyring password. Nethertheless I can totally easy see my saved Chromium passwords...
– Thomas F
Oct 22 '15 at 23:57
add a comment |Â
up vote
6
down vote
favorite
up vote
6
down vote
favorite
I realized that in Chromium (and also Chrome) for Linux it is possible to see all saved passwords in clear text. That seems a bit strange to me... after a short research I found out that
- it is not like that in the Windows edition of Chrome where you need your Windows password to see your saved passwords in clear text.
- in Firefox you need a master password to see your saved passwords.
Soo, my questions are the following ones:
- If nobody else but me has physical access to my PC, it is a security risk not to have a master password for my saved passwords in Chromium?
- Why does Google not implement that same feature for Linux while it exists for Windows???
- How save is it in general to save my passwords in Chromium?
- I set a synchronisation password in Chromium. Does that mean that my passwords are saved on a google server in ENCRYPTED form so that not even google can read them, even if they wanted? I mean, do they have a key for it in this case?
I am curious for your answers!
Best
Thomas
google-chrome password security encryption chromium
asked Oct 21 '15 at 22:26
Thomas F
414
I realized that in Chromium (and also Chrome) for Linux it is possible to see all saved passwords in clear text. That seems a bit strange to me... after a short research I found out that
- it is not like that in the Windows edition of Chrome where you need your Windows password to see your saved passwords in clear text.
- in Firefox you need a master password to see your saved passwords.
Soo, my questions are the following ones:
- If nobody else but me has physical access to my PC, it is a security risk not to have a master password for my saved passwords in Chromium?
- Why does Google not implement that same feature for Linux while it exists for Windows???
- How save is it in general to save my passwords in Chromium?
- I set a synchronisation password in Chromium. Does that mean that my passwords are saved on a google server in ENCRYPTED form so that not even google can read them, even if they wanted? I mean, do they have a key for it in this case?
I am curious for your answers!
Best
Thomas
google-chrome password security encryption chromium
asked Oct 21 '15 at 22:26
Thomas F
414
asked Oct 21 '15 at 22:26
Thomas F
414
asked Oct 21 '15 at 22:26
Thomas F
414
asked Oct 21 '15 at 22:26
Thomas F
414
414
You have a master password for Chromium passwords. It is the keyring password.
– Pilot6
Oct 21 '15 at 22:30
1
Not really! I am using Lubuntu with autologin, and I am never asked for any keyring password. Nethertheless I can totally easy see my saved Chromium passwords...
– Thomas F
Oct 22 '15 at 23:57
add a comment |Â
You have a master password for Chromium passwords. It is the keyring password.
– Pilot6
Oct 21 '15 at 22:30
1
Not really! I am using Lubuntu with autologin, and I am never asked for any keyring password. Nethertheless I can totally easy see my saved Chromium passwords...
– Thomas F
Oct 22 '15 at 23:57
You have a master password for Chromium passwords. It is the keyring password.
– Pilot6
Oct 21 '15 at 22:30
You have a master password for Chromium passwords. It is the keyring password.
– Pilot6
Oct 21 '15 at 22:30
1
1
Not really! I am using Lubuntu with autologin, and I am never asked for any keyring password. Nethertheless I can totally easy see my saved Chromium passwords...
– Thomas F
Oct 22 '15 at 23:57
Not really! I am using Lubuntu with autologin, and I am never asked for any keyring password. Nethertheless I can totally easy see my saved Chromium passwords...
– Thomas F
Oct 22 '15 at 23:57
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
Google leaves your Chrome passwords unprotected to promote security. (article)
Google doesn't secure stored passwords, stating that it does not want
"to provide users with a false sense of security and encourage risky
behavior." Schuh's argument is that if a would-be attacker had access
to a user's machine then "the game was lost," as there would be "too
many vectors for [the attacker] to get what he wants."
answered Sep 2 '16 at 7:51
naXa
15210
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
Google leaves your Chrome passwords unprotected to promote security. (article)
Google doesn't secure stored passwords, stating that it does not want
"to provide users with a false sense of security and encourage risky
behavior." Schuh's argument is that if a would-be attacker had access
to a user's machine then "the game was lost," as there would be "too
many vectors for [the attacker] to get what he wants."
answered Sep 2 '16 at 7:51
naXa
15210
add a comment |Â
up vote
1
down vote
Google leaves your Chrome passwords unprotected to promote security. (article)
Google doesn't secure stored passwords, stating that it does not want
"to provide users with a false sense of security and encourage risky
behavior." Schuh's argument is that if a would-be attacker had access
to a user's machine then "the game was lost," as there would be "too
many vectors for [the attacker] to get what he wants."
answered Sep 2 '16 at 7:51
naXa
15210
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Google leaves your Chrome passwords unprotected to promote security. (article)
Google doesn't secure stored passwords, stating that it does not want
"to provide users with a false sense of security and encourage risky
behavior." Schuh's argument is that if a would-be attacker had access
to a user's machine then "the game was lost," as there would be "too
many vectors for [the attacker] to get what he wants."
answered Sep 2 '16 at 7:51
naXa
15210
Google leaves your Chrome passwords unprotected to promote security. (article)
Google doesn't secure stored passwords, stating that it does not want
"to provide users with a false sense of security and encourage risky
behavior." Schuh's argument is that if a would-be attacker had access
to a user's machine then "the game was lost," as there would be "too
many vectors for [the attacker] to get what he wants."
answered Sep 2 '16 at 7:51
naXa
15210
answered Sep 2 '16 at 7:51
naXa
15210
answered Sep 2 '16 at 7:51
naXa
15210
answered Sep 2 '16 at 7:51
naXa
15210
15210
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f688292%2fmanage-passwords-in-chromium-security-risk%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
You have a master password for Chromium passwords. It is the keyring password.
– Pilot6
Oct 21 '15 at 22:30
1
Not really! I am using Lubuntu with autologin, and I am never asked for any keyring password. Nethertheless I can totally easy see my saved Chromium passwords...
– Thomas F
Oct 22 '15 at 23:57