Re: Chrome and passwords


 

Bill,

        I am with both you, and Vlad, in certain regards.

        On "the Vlad side" is the rock solid and most basic computer security principle:   As soon as you do not have physical security over your hardware virtually nothing else matters and if you do have physical security over your hardware it prevents close to 100% of the most common compromises.

        On the "your side" there are many among us who, while we do have physical security over our hardware, also leave it running 24/7 unless we wish to force a restart.  It is always possible (not probable, but possible) that someone could break in to the location where the computer is kept and is running.  Why give them, or anyone to whom they might hand off a stolen computer, easy access to all your accounts.

         I've said it before, and I'll say it again:   Passwords are, ideally, meant to be stored in one and only one place - the password owner's brain.  Since many of us can not meet that ideal, particularly as years and numbers of passwords increase, the second option is to use a password manager that requires you to enter a password you can be sure you will remember to store all others.

          The second option is a lot safer than having a web browser, any web browser, remember login credentials.  These days most password managers will also allow you to fire up the site and auto-enter the credentials they have stored directly from within the manager, where they're locked safely away again as soon as you close it.

           I can find no reason, other than convenience, to ever have a web browser remember important login credentials (and by that I mean username and password).  If those login credentials are for anything important they simply should not be remembered by a web browser.  Having one remember your login credentials for your local newspaper's comment section, say, is a completely different thing than having it remember them for your bank account or credit card.

           For certain things, even having a browser remember nothing but the login ID is a very bad idea.

           
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    A great deal of intelligence can be invested in ignorance when the need for illusion is deep.

          ~ Saul Bellow, To Jerusalem and Back

Join main@jfw.groups.io to automatically receive all group messages.