Google adds protection for showing Chrome passwords on Mac systems

Martin Brinkmann
Nov 4, 2013
Google Chrome

If you are using the Google Chrome web browser you probably know that it ships with a basic password manager of sorts that you can use to store authentication information.

That's great if you sign in to websites and services regularly on the Internet, as you can do so automatically or at least with minimal interaction and no need to remember usernames and passwords for that.

Google recently was criticized for the password manager that it built-into the Chrome browser, as it did not offer any protection whatsoever.

This meant that anyone with access was able to look at the usernames and also the passwords saved in the browser.

The company back then stated that it did not consider this to be an issue, considering that security was also compromised if someone managed to gain local access to the browser.

Others criticized Google for that stance, for instance by mentioning that there are situations where access is granted temporarily to friends or family members.

Francois Beaufort, a Google employee who is posting news about Chrome regularly on his Google+ page, mentioned today that Google made the decision to add protection to the password manager of Google Chrome.

chrome password manager

While that sounds great at first, it needs to be mentioned that the feature has been only implemented on Chromium builds for Mac, and not on Windows or Linux.

Mac users of Google Chrome -- I suppose it is currently only available in Dev and Canary builds -- can enable the new protection in the following way:

  1. Load chrome://flags/#enable-password-manager-reauthentication in the web browser
  2. Enable the preference and restart Chrome afterwards so that the changes are applied.

When you try to show passwords on the password manager page (chrome://settings/password) you will be asked for the Mac OS account password of the user that is currently logged in.

Once you supply the password, you can show passwords for 1 minute, before you are asked to reauthenticate again.

It is not clear if the feature will find its way to Windows or Linux, but it certainly would be appreciated by the majority of users of those systems.

For now, to stay safe, users on those systems should use a third party password manager such as LastPass or -- my favorite -- KeePass instead.

Now Read: Dashlane Password Manager review


Previous Post: «
Next Post: «


There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.