[liberationtech] And now for some completely different flame... Chrome + password management
R. Jason Cronk
rjc at privacymaverick.com
Thu Aug 8 08:42:55 PDT 2013
I'll bite. You design your systems for the threats your users face. As
many have mentioned, the threat most users face is from a spouse,
partner, business associate, sibling, parent, children. Password fields
don't display typed text to protect against shoulder surfers. It clearly
doesn't protect against other adversaries such as keyloggers or others
with access to the browser DOM. In this light, I think it is reasonable
to encrypt the site passwords with a master password or at least
require a master password to display the cleartext. It could always have
an option to disable or use a blank default master password for those
who don't face the threats illustrated above.
Really, however, we need to move to a post-password model that combines
security and usability.
My 2 cents.
Jason
On 8/7/2013 10:04 PM, Brian Conley wrote:
>
> Are they being irresponsible or aren't they?
>
> http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link
>
> That is a serious question I'm interested to hear a variety of opinions
> on, both for and against Google's position, OK go!
>
> Spoiler alert, I think both players are being jerks and not
> considering the importance of outreach and how users learn...
*R. Jason Cronk, Esq., CIPP/US*
/Privacy Engineering Consultant/, *Enterprivacy Consulting Group*
<enterprivacy.com>
* phone: (828) 4RJCESQ
* twitter: @privacymaverick.com
* blog: http://blog.privacymaverick.com