Google adds protection for showing Chrome passwords on Mac systems
If you are using the Google Chrome web browser you probably know that it ships with a basic password manager of sorts that you can use to store authentication information.
That's great if you sign in to websites and services regularly on the Internet, as you can do so automatically or at least with minimal interaction and no need to remember usernames and passwords for that.
Google recently was criticized for the password manager that it built-into the Chrome browser, as it did not offer any protection whatsoever.
This meant that anyone with access was able to look at the usernames and also the passwords saved in the browser.
The company back then stated that it did not consider this to be an issue, considering that security was also compromised if someone managed to gain local access to the browser.
Others criticized Google for that stance, for instance by mentioning that there are situations where access is granted temporarily to friends or family members.
Francois Beaufort, a Google employee who is posting news about Chrome regularly on his Google+ page, mentioned today that Google made the decision to add protection to the password manager of Google Chrome.
While that sounds great at first, it needs to be mentioned that the feature has been only implemented on Chromium builds for Mac, and not on Windows or Linux.
Mac users of Google Chrome -- I suppose it is currently only available in Dev and Canary builds -- can enable the new protection in the following way:
- Load chrome://flags/#enable-password-manager-reauthentication in the web browser
- Enable the preference and restart Chrome afterwards so that the changes are applied.
When you try to show passwords on the password manager page (chrome://settings/password) you will be asked for the Mac OS account password of the user that is currently logged in.
Once you supply the password, you can show passwords for 1 minute, before you are asked to reauthenticate again.
It is not clear if the feature will find its way to Windows or Linux, but it certainly would be appreciated by the majority of users of those systems.
For now, to stay safe, users on those systems should use a third party password manager such as LastPass or -- my favorite -- KeePass instead.
Now Read: Dashlane Password Manager review
Advertisement