On 4/17/19 4:01 PM, Tom Smyth wrote: > Hello, > > I was wondering what people would think of disabling chromium offering > to save passwords for sites... it is a default in browsers in other operating > systems that gives me a rash... it is also a likely attack surface... > I would rather have it disabled and if people need / want it they can > enable it ?
Personally, no, I don't like that at all. A couple reasons pop into mind quickly: 1) It doesn't save passwords without asking your permission. So Just Answer No. And unless you disable it completely and irreversibly, people can just turn it back on. 2) It's useful for sites that insist on passwords for idiotic reasons -- i.e., patches and documentation downloads. Makes it much easier to use one-site passwords, and if someone pops my machine, the last thing in the world I care about is someone can read docs on some piece of sh** software. I'm much more concerned /when their/ site gets popped, and they thought "rot13" a good password hash, I had no reason to use a common password on multiple sites. You are trying for "sounds good, make it painful security", whereas this feature is useful for real security reasons. You can't fix stupid behavior with technology. Nick.
