“Google says it’s not going to change anything. Justin Schuh, the head of the Chrome security team, says that the only real way to keep your Chrome account safe is to never give anyone you don’t trust access to the account,” Yarow reports. “‘The only strong permission boundary for your password storage is the OS user account,’ he says, ‘So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account. Beyond that, however, we’ve found that boundaries within the OS user account just aren’t reliable, and are mostly just theater.’”
Yarow writes, “This is sort of a crazy attitude… The easiest solution to this problem is a master password that you punch in before getting access to these saved passwords. Google says it doesn’t want to do that because it thinks that’s just giving people a false sense of security.”
Read more in the full article here.
MacDailyNews Take: It should work the way Keychain Access works in OS X: No passwords revealed without a master password first.