[liberationtech] And now for some completely different flame... Chrome + password management

Patrick Mylund Nielsen cryptography at patrickmylund.com
Thu Aug 8 18:53:45 PDT 2013 

On Thu, Aug 8, 2013 at 9:22 PM, Shava Nerad <shava23 at gmail.com> wrote:

> https://news.ycombinator.com/item?id=6166886
>
> Chrome security guy takes it up with the Mashable article author.
>
> Chrome guy:  This is what users expect!  They expect to see their
> passwords in plain text.  You are expecting us to provide them with a false
> sense of security.
>
> um...  alrighty then...
>
> yrs,
> SN
>
>
He is being quite condescending, but that's not what he's saying. He's
saying that masking the password would make it seem safer than it really
is, i.e. that it's not as trivially obtainable by a simple piece of
software. That's not an intuitive concept for users, but it's a choice the
Chrome team deliberately made so as to not mislead them. This is a fine
stance, and not one deserving of so much bad press.


>
> On Thu, Aug 8, 2013 at 12:05 PM, Kyle Maxwell <kylem at xwell.org> wrote:
>
>> On Thu, Aug 8, 2013 at 11:01 AM, Patrick Mylund Nielsen
>> <cryptography at patrickmylund.com> wrote:
>> > On Thu, Aug 8, 2013 at 8:56 AM, Kyle Maxwell <kylem at xwell.org> wrote:
>> >>
>> >> Must every app data store reinvent the wheel rather than use operating
>> >> system functionality?
>> >>
>> >
>> > Agree in theory, but do all operating systems have standard data stores
>> that
>> > are encrypted with the user's password? They don't.
>>
>> Understood and point taken - but in general I'd rather point users
>> towards better password management than the browser in any case,
>> whether that's something like Lastpass / Keepass or something else
>> entirely. *insert pointless rant about how passwords are a terribly
>> broken model in the first place*
>>
>> --
>> @kylemaxwell
>> --
>> Liberationtech list is public and archives are searchable on Google. Too
>> many emails? Unsubscribe, change to digest, or change password by emailing
>> moderator at companys at stanford.edu or changing your settings at
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
>
>
> --
>
> Shava Nerad
> shava23 at gmail.com
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130808/ee264068/attachment.html>

More information about the liberationtech mailing list