from Hacker News

We can do better – Please fix plaintext credential storage in Chrome

by shayanjm on 6/29/15, 3:24 PM with 6 comments

  • by mukyu on 6/29/15, 7:50 PM

    This article is simply incorrect. The passwords are only stored in plaintext when there are no OS-level or desktop environment options available to protect them.[0] In the absence of such a system, where exactly do you expect Chrome to store the encryption key for the list of passwords?

    [0] https://code.google.com/p/chromium/wiki/LinuxPasswordStorage

    Edit: Apparently there are people that either run incredibly old versions of Chrome or don't run a keystore daemon and actually upload all of their dotfiles to GitHub, so I guess that part is technically accurate.

  • by sbierwagen on 6/29/15, 3:40 PM

    Okay, so it's possible someone might accidentally publish their passwords with an unwise git commit, but has anyone actually done this? Can anyone point to a real-life example?

  • by ufoolme on 6/29/15, 3:47 PM

    Once the attacker has the username, password and access to the computer, the game is already over. I can't see how adding anything on top is nothing but smoke and mirrors.