There's much gnashing of teeth today over the discovery that Google Chrome lets you -- or anyone using your computer -- see the plaintext web passwords stored by your browser.
This isn't a security bug. It's Chrome's documented behavior, and has been all along. But an outraged blog post highlighting the issue yesterday by U.K. software developer Elliot Kember was picked up by Hacker News, thrusting Google's security choices into the limelight.
In a response on Hacker News, Google Chrome's security chief Justin Schuh explained the company's reasoning.
Google is thinking like a security architect, and from that perspective, the company is completely right. Security folks think of your computer as a nuclear power plant, with radiation-proof compartments surrounding the core. Your browser window and your stored passwords live in the same compartment. They have to, so that Chrome can see the passwords and fill them in for you.
By making it easy for you to see those passwords with your own eyes, Google is declining to pretend that the passwords are partitioned off in another compartment.
The bottom line is, once a password is accessible to your browser, it's going to be accessible to anyone who can sit in front of your browser and rest their sticky fingers on your keyboard. Short of authenticating every single password auto-fill, there's no way around this. Here's a simple trick that will do the job, and here's an even more convenient bookmarklet called Reveal Password.
So the suggestion that Google Chrome make you enter a "master password" to see your stored passwords is at best pointless, and at worst misleading, from a real security point of view.
But there's an argument to be made on the other side. Google could throw up some drywall in the nuclear plant, and in the end, it would probably do more good than harm.
Google's all-or-nothing security perspective is natural for a company that routinely confronts serious, state-sponsored attackers. But in day-to-day life, most Chrome users have to worry about what security geeks call the "unskilled attacker." That's the jealous boyfriend who might, if it's easy enough, cage your Facebook password to check up on you later. It's your teenaged son looking for your porn passwords. Its the dude at the coffee shop who's left alone with your laptop for a moment while you pick up your mocha.
Even the flimsiest obstacle would be effective against these threats, while serving as a moral signpost declaring the Password Manager off-limits to the kind of casual snoops who are already paging through your browser history. As long as people equate ease of access with permission, there's value it making some things a little harder.
So as a practical matter, Google should probably capitulate to the outrage and erect a barrier in front of the Chrome Password Manager. What's terribly unfair about this, of course, is that in two years there will be another outraged blogger discovering that this barrier provides no real security, and Google will go through the wringer all over again.