Are Chrome 9 passwords secure?

[7zuki]

How secure are the passwords Chrome 9 saves and enters for the user?

[Medico]

I would never use the pasword manager of the browser. I use both IE 9 RC and Chrome 11 beta and don't trust either with my passwords. I use a 3rd party password manager from Last Pass. I can access my Last Pass account from ANY PC just by installing the browser plugin and entering a master password. This works fantastic.

[7zuki]

I would never use the pasword manager of the browser. I use both IE 9 RC and Chrome 11 beta and don't trust either with my passwords.

Please tell me the reason you don't trust Chrome's password manager.

[Medico]

I do not believe it is as secure, and is not encrypted.

[jwitalka]

The lack of encrption is not that big a deal for a home desktop PC. Very important for a laptop or netbook that could be stolen or looked at when out and about.

Jerry

[NSILMike]

The lack of encrption is not that big a deal for a home desktop PC. Very important for a laptop or netbook that could be stolen or looked at when out and about.

Jerry

I disagree. The locally stored passwords should be encrypted, whether the PC is mobile or not- as they can be accessible to malware. Firefox does this, and I'd be surprised if Chrome does not.

[jcgc50]

I would never use the pasword manager of the browser. I use both IE 9 RC and Chrome 11 beta and don't trust either with my passwords. I use a 3rd party password manager from Last Pass. I can access my Last Pass account from ANY PC just by installing the browser plugin and entering a master password. This works fantastic.

Don't mean to divert the topic but I am leery of online password keepers. I realize that supposedly you create a master password that only you have but after all they own and have physical access to the servers on which this info is stored.

How can you trust that data? I use Roboform, the PC resident version.

Jim

[Steve20A]

<<I realize that supposedly you create a master password that only you have but after all they own and have physical access to the servers on which this info is stored.>>

I don't currently use any password management software, so I have no direct experience, but I understand that some packages, LastPass for example, encrypt on your PC and send only encrypted data to their server, so they never have direct access to your passwords.

[m.i.k.e.r.]

I disagree. The locally stored passwords should be encrypted, whether the PC is mobile or not- as they can be accessible to malware. Firefox does this, and I'd be surprised if Chrome does not.

Firefox requires a master password to view the stored passwords; Chrome 9 does not. Here's Chrome's instructions; when I did it, the passwords were available by clicking on any URI or username.

Click the wrench icon on the browser toolbar.
Select Options (Preferences on Mac and Linux; Settings on Chrome OS).
Click the Personal Stuff tab.
Click Manage saved passwords to see a list of all the usernames and passwords that have been saved.

[discs]

Yes, the Chrome Password manager has a weakness if you have untrustworthy people with access to your computer. There is no Master password facility in Chrome. Here we are talking of 'local' security.

But I like the idea of a Browser password manager - and I use it extensively for convenience - for sites like Windows Secrets. I have no one near my computer likely to misuse my accounts. Btw, the Chrome passwords are encrypted.

For sensitive passwords, banking etc.. I use Roboform - and only activate it in the browser when needed.

[jscher2000]

Yes, the Chrome Password manager has a weakness if you have untrustworthy people with access to your computer.

With the rapid spread of botnets, it appears that many people have allowed untrustworthy people into their computers...