Hacker News new | past | comments | ask | show | jobs | submit login

Right, I'm not arguing against any of that. The point is if it's going to be that insecure, Chrome should make more of an effort to make it clear. They could do this by displaying a warning alongside the prompt to save a password.

Also, just because some people will be able to access the passwords with physical access doesn't mean it's not worth doing basic/unsecure locking. I'd rather use a system where people need to have the know how to use keyloggers in order to break, over one where Joe Schmoe can walk in and take everything.

In the end I have always known the security issues with saving passwords so I don't save any banking passwords or email account passwords in any browser.




"The point is if it's going to be that insecure, Chrome should make more of an effort to make it clear"

And what's a better way to make it clear than actually showing the passwords ?


A better way (than showing the passwords) to make it clear that storing the passwords is insecure was in the very next sentence after the snippet you quoted.

Read this: https://en.wikipedia.org/wiki/Principle_of_least_astonishmen...

Then tell me what's better:

- Asking users to store password, and having a menu hidden in the guts of Chrome's settings that most users will never look at.

OR

- Asking users to store password, and prompting them at the same time that doing so is insecure.

Keeping in mind that the vast majority of users of this software are average, non-techies.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: