Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] And now for some completely different flame... Chrome + password management

Patrick Mylund Nielsen cryptography at
Thu Aug 8 09:01:34 PDT 2013

On Thu, Aug 8, 2013 at 8:56 AM, Kyle Maxwell <kylem at> wrote:

> Must every app data store reinvent the wheel rather than use operating
> system functionality?
Agree in theory, but do all operating systems have standard data stores
that are encrypted with the user's password? They don't.

> On Thu, Aug 8, 2013 at 10:42 AM, R. Jason Cronk <rjc at>
> wrote:
> > I'll bite. You design your systems for the threats your users face. As
> many
> > have mentioned, the threat most users face is from a spouse, partner,
> > business associate, sibling, parent, children. Password fields don't
> display
> > typed text to protect against shoulder surfers. It clearly doesn't
> protect
> > again other adversaries such as keyloggers or others with access to the
> > browser DOM. In this light, I think it is reasonable to encrypt the site
> > passwords with a master password or at least have require a master
> password
> > to display the cleartext. It could always have an option to disable or
> use a
> > blank default master password for those who don't face the threats
> > illustrated above.
> >
> > Really, however, we need to move to a post password model, that combines
> > security and useability.
> >
> > My 2 cents.
> >
> > Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list