[liberationtech] And now for some completely different flame... Chrome + password management
coderman
coderman at gmail.com
Wed Aug 7 20:53:42 PDT 2013
On Wed, Aug 7, 2013 at 7:04 PM, Brian Conley <brianc at smallworldnews.tv> wrote:
> Are they being irresponsible or aren't they?
>
> http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link
>
> That is a serous question in interested to hear a variety of opinions
this is how desktop environments manage passwords. you could copy
paste some python into a terminal to do the same thing for any logged
in user, not just browser passwords. (wifi, disk crypto, services,
etc.)
you manage this key ring with a password. if it is unlocked, assume
your passwords are available in the clear! set your desktop to
auto-lock on idle. require a password to unlock.
if you need stronger separation of identities, authorizations, or
risk, try a more constrained and isolated environment like Qubes [0].
if you want better control over the access and availability to
credentials provided by a key ring / key manager, then install one
that meets your needs and can be configured to the policy you desire.
0. "Qubes implements Security by Isolation"
http://qubes-os.org/trac/wiki/QubesArchitecture
More information about the liberationtech
mailing list