The Chrome Security FAQ makes it clear that it regards issues that require physical access or a compromised PC to exploit as “physically-local attacks” beyond its remit. However, because Google doesn’t specialise in password security, it doesn’t do a very thorough job. Reports from Chrome beta users indicate that we might get to see features such as notes and password sharing in the future. It’s obviously very welcome that Google is trying to develop its password manager into something more functional. The main change for users who opt into on-device encryption is that they’ll have to enter their Google password (or respond to a passwordless login challenge on their associated device) whenever they want to access their passwords.Ĭurrently, I have to authenticate myself whenever I want to look at a password entry in my online vault, but not if I want to view them in my browser’s Saved Passwords entry. However, this doesn’t stop someone with physical access from just opening your browser to take a look at them. On-device encryption means that strong encryption (usually 265-bit AES) is used to make passwords saved on your computer or phone indecipherable without the correct master password.Īlthough it was once notorious for storing user passwords in plain text, Google Password Manager has actually been encrypting Chrome passwords since 2020, using an internal master key to ensure they’re secure when at rest on your devices.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |