
1) Chrome doesn't show "all passwords". It only shows passwords that Chrome knows about. The two categories might overlap, but they're not actually the same.

2) Either the browser demands an unlock password every single time it queries the password store--which is probably not an acceptable experience for most users--or the browser can arbitrarily read the password store when left unattended. There's no meaningful middle ground here. An option to demand a credential before unlocking the store might be nice for nerds, but nerds don't need it anyway, because they can use 1Password (or similar) to do this for them. It's simply not tenable for normals. Good grief, just look at the wailing and moaning that the UAC prompts in Windows Vista generated. Those prompts by default didn't even demand credentials, just a click through.




Hm, I agree with the author of the article on this. I think the default should be that the user is prompted to define a master password, which unlocks the password store. The user might choose not to set this password, but then he should be warned that all his stored passwords will be accessible to anyone using his computer with his credentials.


"his stored passwords will be accessible by anyone using his computer with his credentials."

But this is EXACTLY Justin's point: EVEN with a master password, they'd be accessible in other ways by anyone using his computer, because it's just stored in the keychain - and if they add a master password, people will think that makes it more secure.

The solution here is to remove the show button - don't add any kind of master password - because that's just snake oil.


>EVEN with a master password, they'd be accessible in other ways by anyone using his computer

Maybe (there are simple but very effective prevention methods against keyloggers etc.), but the main point is: it's not all black and white. There are varying levels of security (and varying levels of "hacker skills"). Passwords encrypted with a master password are at least a couple of levels safer than those displayed in plain text.


If they're autofilled, which is the very reason to store them, then it doesn't matter how deep you store them. The browser will dig them up for you automatically.


But only after the password store has been decrypted by providing the master password, or not? And that is good enough for me. If I let someone use my computer, of course I will close the browser first. So he can use my computer and launch the browser, but he will not be able to access my passwords, since he doesn't know the master password.



