
Extracting passwords from Chrome - ColinWright
http://usvsth3m.com/post/57516016693/has-your-chum-left-their-computer-logged-in-do-they
======
Shalle
It's the same with every other browser, for instance...

[https://support.mozilla.org/en-US/kb/password-manager-
rememb...](https://support.mozilla.org/en-US/kb/password-manager-remember-
delete-change-passwords)

~~~
interpol_p
It's actually not the same with every other browser.

As far as I'm aware, Safari pulls the passwords from the keychain when
necessary and does not provide plaintext access to them from inside the app.

------
MrKurtz
It's obviously deliberate. Are you not familiar with OS level profiles? in the
case of OSX:
[http://support.apple.com/kb/PH11468](http://support.apple.com/kb/PH11468)
there is your master password.

Also the post you mention was already submitted and discussed:
[https://news.ycombinator.com/item?id=6165708](https://news.ycombinator.com/item?id=6165708)

~~~
interpol_p
Are you suggesting making a separate user account for each person who uses
Chrome, and then switching user accounts before allowing a new person to touch
Chrome on your computer?

I often browse for things on my coworkers computers (their laptops), and they
do on mine. An application shouldn't be pulling passwords out of the keychain
and then making the plaintext available.

~~~
corobo
Yes, users should have separate accounts. This whole thing is like complaining
that a user can browse your My Documents folder if you allow them to use your
account. Of course they can, they're logged in to your account!

~~~
elliottkember
It's a good idea to have separate accounts. The issue is that many people
aren't aware of this, and should be. Chrome is going with the assumption that
people know about it.

I'd rather someone browsed My Documents than saw my password in plain text. I
don't even like seeing my password in plain text.

It came as an unpleasant surprise to many of us, so I'm trying to point out to
as many people as possible that this is the way Chrome does it.

~~~
DanBC
Eh, you think that's scary - buy a brand new machine and log in to your Chrome
account and see all those passwords (and bookmarks and browsing history) get
slurped down from who knows where onto that machine.

