Please expand on this idea?  Master password for saving your passwords?  Or for just 
starting up chrome?

What I had in mind is something like what Firefox has.  It is an option to set a 
master password for the browser so that private things are protected.  It could be 
used in a variety of ways, but the one that is most important to me is that when you 
click "show passwords" in the stored passwords menu you should be prompted to enter 
the master password for the browser.  That way if I let my little sister check her 
email on my computer she can use my browser, but she can't see the stored password 
for my facebook account so she can play a joke on me.
It is basically a way of validating my identity during a console session. - to make 
it better it could prompt you for it after a period of inactivity or give you the 
option to go-un-priveleged.

+1 for maxthelen's vision of this feature in Comment #2

Yeah, this is a potential security flaw (for example, allowing someone else to use 
your browser, they can view all saved passwords from 'Options' -> 'Show Saved 
Passwords')

I'll add my two cents on this and go a step further to say that the entire 'stored 
passwords' menu should itself be password protected. The URL + username could be 
enough on it's own to be damaging. 

Well if you haven't noticed Chrome doesn't have much of any options, you can't do
anything!

You have my vote on this feature. Not having this is a significant security flaw.
The way it's implemented in Firefox would suffice, with the addition of Jessome's 
suggestion that "the entire 'stored passwords' menu should itself be password 
protected".

(No comment was entered for this change.)

I'll also add this: This should totally be added, similar to how Firefox has done it.  
Leaving it off by default is fine, it would just annoy those people who don't care - 
those who do care will take the 3 seconds to find how to turn it on. One thing which 
*must* be different to how Firefox has implemented this is how it prompts you for the 
master password. FFx shows a prompt which steals focus and will continue to return on 
subsequent pages even if it had been canceled previously. As maxthelen said in 
Comment #2, this feature works well if you want to let a kid sister use your computer 
without letting them get into all your accounts - the way Firefox does this, it makes 
browsing *really* annoying for the kid sister, so much so that I had to create a new 
Firefox profile with the master password turned off.

Assigning all facebook.com bugs to eroman who is looking at it.

I do also want the same option...

unassigning from me as it isn't specifically a facebook.com issue.

Working as intended.  There has been much internal debate about this issue in the 
past which I will not reiterate here, except to summarize.  Master passwords as 
implemented in other browsers provide more of an illusion of security than actual 
security.  They also inconvenience users.  Chrome uses the Windows crypto routines to 
encrypt local passwords, giving you some protection against remote data theft; for 
local data theft a master password wouldn't help.

Eventually this need can be fulfilled in other ways that we have design ideas for.

It does, however, protect my passwords in a way that let's regular users use my 
computer without getting access to my passwords, cookies, etc. 

I imagine it would be easy to implement for you due to the clever way you've build 
the browser :)

This is the one thing keeping me with FireFox.

I would reiterate what reneluckow says.  While pkast is correct that the master 
password only gives an "illusion of security" I think he misses the point entirely.  

 pkast is saying that the passwrods use windows crypto while stored which is 
wonderful  but all a hacker has to do is sit at the workstation (or via remote 
access) launch chrome and select show password from the options menu.  Isn't that 
like encrypting your entire hard drive with multiple levels of security...then 
leaving a post-it note on the screen with all the password info?  

My point exactly cmsoko, thanks for the analogy.

I do think this should be added at least as an option like it is in Firefox, you 
click the "add master password". That way it would not inconvenience anyone.

I agree that it does not give a huge load of a security, but being able to see other 
people's passwords if using their browser in a click of a button is just wrong. I 
really think this feature should be added.

At my office, the IT department has _all_ passwords. This allows me to keep my
personal passwords safe on my work computer.

Please, _please_ reconsider this decision.

I also posted this "problem" so i agree. This means that anyone who can acces my PC 
when i forget to lock it can see all my passwords. I was stunned that this option was 
so easy to see. 

So PLEASE put in a Master Password cause these kind of things make this program look 
bad

We indeed need a Master Password over the recorded passwords !

Everyone can come and open your Chrome, and get all your passwords ! Absurd !

I actually far prefer Safari's approach, which makes it so you can't see saved
passwords at all.  This would deal with the whole "Master Password" issue, since it
is really annoying to enter the MP every session (and probably in Chrome's case,
every tab) and it allows for the stored passwords to be hidden.  If you really need
to see your passwords, store them somewhere else, like a piece of paper in your sock
drawer ;-)

I disagree. Removing that feature will inconvenience many users and doing that 
doesn't add any more security than adding a master password.

Inconvenience them how?  The whole discussion is focused on avoiding others being
able to see your stored passwords.  What sort of security are you talking about?  If
you are not able to see them and "Chrome uses the Windows crypto routines to 
encrypt local passwords, giving you some protection against remote data theft"
(comment 13), what other security are you looking for?

This would address the security concern that you voiced over others seeing your
passwords (thus adding an equivalent amount of security to a master password in that
context).  It would not address the concern over others using your saved passwords,
but as the discussion above indicates, Google is more willing to live with that over
the inconvenience of typing in a master password.

If you click the little wrench in the upper corner and then click options and then 
select the Minor Tweaks tab and then click "show saved passwords" it takes you t a 
menu with all the sites you have passwords stored for.  If you highlight a site you 
can then click the "show password" button and it prints the password right beneath 
the button in the gray.

Not only can anyone who is borrowing your computer to use the internet use your saved 
passwords, but anyone with even a little experience with web browsers can learn 
exactly what your password is just by asking the browser, it could be 512 billion bit 
NSA encryption - it doesn't matter, the browser just hands it out to whoever asks 
from the console.

Even if the passwords are encrypted when stored on disk (comment #13), if Chromium 
can decrypt them without user input, then so can other programs.  At the very least, 
malware running when a person is logged in could decrypt and read them.  For me, 
that's the main reason I want a master password option.

(No comment was entered for this change.)

I don't like Safaris approach mentioned in comment 21. I want to be able to access my 
passwords in order to copy them to somewhere else (e.g. to another client) or to use 
them in a different setting. I suggest a master password with two options:
If no master password is set, the passwords should not be visible.
If the master password is set it has to be entered to use the passwords (option 1) or 
only to show the passwords (option 2).

In response to comment 24; if someone borrows your computer, do you let them use your 
user account? If so, well there's your problem! Having a master password is 'security 
through obscurity'. Plus, it degrades usability. I already have to convince Windows I 
am who I say I am, why would I also have to convince my browser?

thats right and if someone don't think the way you do, it is on his decission to set 
no masterpassword, but it is a musthave

Re: Comment 28:
I run XP and I hate fast user switching because its a resource consumer with little 
practical benefit for me.  So, I have it off - which, of course, means that if I log 
off it closes everything I have running, making your resolution very impractical.  
I'm not letting strangers use my computer, just friends who need to check their email 
real quickly. 'Security through obscurity' is a very legitimate method for preventing 
people you trust from getting information that they just don't need to know.  
Example: If your online banking gets jacked with its not a good situation to have a 
friend as a suspect because you know they had unrestricted access to the password.

As far as degrading usability there are different methods for requiring the password 
that are non-obtrusive. I will suffice to say that the title of this thread is "No 
Master Password OPTION" ;) thanks #29

pkasting wrote:
>Master passwords as 
>implemented in other browsers provide more of an illusion of security than actual 
>security.  They also inconvenience users.  Chrome uses the Windows crypto routines to 
>encrypt local passwords, giving you some protection against remote data theft; for 
>local data theft a master password wouldn't help.

I am very surprised this feature has been denied.  Pkasting's explanation does not
address the concern, and therefore leads me to believe that the need has been
misunderstood.

Even if there are ways around it... master passwords provide significant security
against guest users easily or accidentally obtaining an owner's passwords, and
therefore access to the owner's website accounts (e.g. online shopping, email,
etc.)... even website for which passwords are not stored, if the owner/user reuses
passwords.

It is only the lack of a master password that offers any inconvenience to users... as
long as the master password is off by default (as it is and should be in firefox),
users who don't want it never notice it.. but without the option users who do feel
the need for it are highly inconvenienced by being forced to not store passwords, or
to use a browser that has this feature.

2 things to improve upon firefox's feature:  in firefox, there are only 2 options: on
or off.  When it is on, it requests a master password 3 times before opening a
firefox session (perhaps because I have 3 home page tabs with stored passwords.. but
this is a bug and needs to be fixed), and causes a major slow-down of the computer,
even though it does not seem to be using up resources.  However, it would be nice to
have a second option, where the master password is not needed to use websites with
sotred passwords... only to view the stored passwords.

Until this issue is addressed, I will not be using chrome nor will I allow it to be 
used in my company.  For those arguing that this is just 'security through obscurity' 
you are fundamentally wrong and are truly missing the point.  Someone having access 
to my Windows account, for whatever reason, should not mean that they should get 
simple and unauthenticated access to *every password on every system that I save in 
chrome* and also get the ability to see/copy them for their own use.  This is just 
too easy a target for too large a risk with too easy a solution:  1) allow the 
setting of a master password that is used to encrypt the password store.  2) Allow 
the user the ability to set the time period before re-requiring authentication to the 
password store. and 3) Absolutely always require re-authentication to the password 
store when the user requests to see the passwords.

Whilst I agree that if someone has physical access to the machine, a master password 
may not provide much defence to the knowledgable, it provides another layer.

A lack of master password is rather daft, and assuming that the passwords are stored 
with strong encryption, it can prevent many types of problem. Comment #32 says it 
all.

'wontfix' is a very poor response to this, and should be reviewed.

Another good summary:

http://code.google.com/p/chromium/issues/detail?
id=1397&q=password&colspec=ID%20Stars%20Pri%20Area%20Type%20Status%20Summary%20Modifi
ed%20Owner#c36

Discussion on this matter now takes place in  issue #1397 , which has not been marked
as 'wontfix'.

(No comment was entered for this change.)

I like chrome because it is simple and quick but I won't use it until it have a
master password. Let's face it, in this days you need password for a lot of places,
you cannot just read news, we have forums of discussion, different mailboxes, maybe
some places where we buy stuff. Not having any protection for the passwords is really
not a good idea. Any vulnerability in OS can be exploited by some hackers and collect
millions of user passwords, because they know where the file with passwords are
located on computer. Let's make their job a little harder, not give them our privacy
on silver plate.

 Issue 27971  has been merged into this issue.

Details of the encryption used by Firefox when a master password is specified:
http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html

> pkasting
> Working as intended.  There has been much internal debate about this issue in the 
past

Clearly not enough if things were left in this situation.

> Master passwords as implemented in other browsers provide more of an illusion of 
security than actual security.

Well sure if you don't point out what this illusion is then nobody can tell you where 
you're logic is going completely wrong. You can crack 3DES in CBC mode can you? 
Perhaps it is your use of the feature that leads to an "illusion of security than 
actual security".

> They also inconvenience users.

Yep, more security == more inconvenience. That's the way it's always been and always 
will be. Not a good reason to be insecure.

> Chrome uses the Windows crypto routines to encrypt local passwords, giving you some 
protection against remote data theft;

Talk about "illusion of security"!

> for local data theft a master password wouldn't help.

Again, you can crack 3DES in CBC mode? I know I can't, but I can certainly grab all 
of my coworker's Chrome passwords.

> Eventually this need can be fulfilled in other ways that we have design ideas for.

Great, so the browser has been out for how long now without any good way for users to 
encrypt the passwords that are saved to it?

I wonder whether everyone's deaf and blind regarding this issue. I do not see (but I 
confess I didn't read all linked discussions since they seem to reiterate things 
already said) whether anyone really considered this.

Let me tell you how my machines work. Firefox. Passwords are encrypted with master. 
Timeout is 5 minutes from the last password input. When master pw times out you need 
to enter it again for _anything_ using sensitive information, even to see what sites 
I have saved passwords for. 

So, basically Bob has *2.5 minutes* on average if I forget to exit the browser to get 
my passwords. After that, either he cracks the password, tries to get it form the 
machine (which could or could not be feasible with no root access) or beats me to 
tell it. I see no other way for him to get at my passwords, saved forms or anything 
master pw protected.

Opera implements similar master pw timeout.

I fail to see how this could be an illusion. Using proper pw input, proper encryption 
and timed out master pw this protects private data.

Correct me if I'm wrong, please. Thank you. 

If you can't this should be a security related wish and ought to block release. IMO.

I started using the LastPass extension and it works much better than a built-in Chrome 
master password.

<offtopic>I wouldn't really like to hand over my passwords to an untrusted 3rd party. 
As far as I see this lastpass is storing your passwords at lastpass.com's servers. 
Scary. Anyone audited their code already? [It is open, right?]</offtopic>

@grinapo No, the passwords are encrypted on your side before being transfered to 
their server.

@bradcupit As grinapo has stated, last time I checked there was no auditing of 
Lastpass' password handling code. Without this auditing you must trust that 
everything they do is as they have said. I have already found them to be accidently transferring your passwords in plain text in the past (which they fixed immediately 
when I reported it. They also told all users about the issue, after some pressuring 
to do so). Last time I looked into this they were not doing open code auditing and 
were not taking me seriously enough when I asserted that this was necessary.

Lass pass is not a solution to this problem and the neglect being shown to this 
serious security issue is disgusting. Chrome should not have ever been released with 
a password manager without user key based encryption and the persistent dismissing of 
this issue is amazing.

Unfortunately I am not a programmer. Fortunately Chrome is Open Source. 
Is there a way for 3-d party team to make Chrome-based browser with Master-password?
As for for me I use Chrome for random browsing and Firefox for any password browsing 
experience. Lastpass site looks wired enough so I uninstall-ed the extension.

i also agree.
This problem does make me bother me.

Comment 45: the problem isn't that this doesn't bother _many_ of us, but that there 
is a philosophical debate about it's merit, where the opponents usually omit every 
fact which would contradict their opinion. :-) Until the debate is ongoing it seems 
nobody want to start to implement anything.

By the way those who think master passwords cannot work have ever checked FireFox's 
FIPS grade mode? It uses master password and magically still possess this government 
grade certification. (Obviously it means a bit even more strict pw expiration and 
usage, we do not need to be THAT strict, but it shows the feasibility and security of 
the feature implemented.) But I don't believe even this would convince the "opposite 
side" commenters.

Btw this issue _was_closed_. Merged into  Issue 1397  which was closed; and merged into 
 Issue 812  which is "profile/login support", so I guess master password request was 
buried deep.

Yeah grinapo, it's pathetic. Fixing  Issue 812  will not fix this issue.

I WANT MASTER PASSWORD FOR MY SAVED PASSWORDS. MAKE IT HAPPEN GIRLS. 

I agree this issue needs fixing.  A master password isn't an "illusion of security"
at all.  grinapo hit the nail on the head.

Without a master password, if my laptop gets stolen or someone goes snooping on it
when I'm not around, my passwords are an open book.  It wouldn't even take a
particularly tech savvy person to get at them.

With a master password, the only way someone can access my passwords is (1) if my
master password has already been entered (and hasn't expired), (2) by coercing me or
(3) by brute force.

As long as I own a laptop, I will never use Chrome until this issue is resolved.

The most interesting is the fact that Google ( Chrome developers) have this kind of 
attitude towards users. This is Apple-like attitude (regarding flash), a going against 
current and see what happens. Strange if you keeping in mind the goals of Google. 

Imagine Google OS  without passwords. 

Well, I think that the current difference between Windows and other versions of 
Chromium is just because non-Windows versions have low priority, few people work on 
them, no one cares about them, they are developed not for users but for marketing 
reports, or all of that. I still wonder how is it related to Chrome OS.

We need a master password. Not to protect our accounts from hackers but to protect 
our selfs from ordinary people who are doing what they shouldn't be doing. For 
example I don't think that many of you would like your girlfriend to see your email 
password while you're in the bathroom. It's not that you're cheating her, but if a 
friend sends you a picture of naked women and says "wow, this one is great", and you 
say "yeah, she's hot", in most situations you'll have problems. Or a friend on poker 
night that took a pause and went surfing a bit. It would greatly improve basic 
security.
Most of people do have something to hide, it doesn't necessarily need to be anything 
criminal, unmoral but we all have something that we're not comfortable sharing with 
other people.

I think a blog should be created regarding this issue since Pkasting is erasing a lot
of good and full of reason posts. 
I like Google a lot, but lately some of the employee's action make me take distance.
I also am in China right now, so it won't be so hard :)

@opodaniel Can you provide some evidence that entries have been deleted? One of the
posts that was here earlier but has since been removed should suffice. I imagine you
have been recieving email coppies of all posts in the same way I have, so it should
be pretty easy to point to an entry that has been deleted without good cause.

No, I don't have those mails because I have unsubscribed from this issue. I am a
happy Firefox user, with no pretension from Chrome until this issue is solved. 
This bring me to another strange issue which is off-topic, but I should answer to
your question. 
I asked before what should I do in order to stop receiving mails with this issue (
because is easy to see that in 2 years time nothing have been done - so there's no
point to see people asking for master-pass and developers tell them that windows
provide enough protection）. I think it was Pkasting who tell me how to do it.. but
strangely each time they merge issue's I start receiving the mails and have to
unsubscribe from something that I didn't subscribe in the first place, or that I have
Already Unsubscribed.

The idea is that I've already read this topic several times, and I think that maybe
while merging issues, some posts were lost or moved.. who knows.. From my point of
view there should be a lot more posts.I have no evidence whatsoever. Anyway I think a
blog where people could express their opinion with possibility to vote would be a
good idea. Google would see what people think about this very important issue.

The blog that we need is a blog which lists
a) problems/lack of functionality that exist in Linux version but don't exist in 
Windows one and that is not worked on (Gears, unencrypted passwords, opening the 
context menu on mousedown preventing creation of decent gesture extensions);
b) lack of functionality that officially "will not implement it, make your 
extensions" but can't be fully implemented with extensions (gestures and other things 
that won't work on https and internal pages, AFAIK adblock working before page 
render, not after, goes here too).
To make people know how are Linux users treated and why the quality of Windows 
version doesn't mean they should use chromium on Linux too.

Good to know. 
There are two questions to be answer by each one of us:
- While Chrome is a product of Google , and is free, why should Google listen to the
users? Look at Apple how well it does and how much profit it makes :).
- If Google is not listening, and there are such  good alternatives out there.. why
should we loose time to help improve?

After all.. all products of Google while being free (Google search engine, Google
docs, gmail, etc..), are indexed by Google which help them improve the Google
Ad-Sense and Ad-Word money making machine. So nothing is really free in life.. except
life of-course.

Exactly.

Firefox does this perfectly, and it's the only reason left for me to prefer it over 
Chrome.

Chrome it's my default browser, but, sadly, I still have to use Firefox to store my 
passwords. When will this change?
This feature it's the last one missing to the retirement of my Firefox.

Having just bought a low power netbo0k, I thought I'd try Chrome since it is said to be less resource intensive than than Firefox. Then I ran into this issue. Without a master password, I'm sticking with Firefox. Please reconsider.

I agree with cmsoko and grinapo, this issue should be fixed, having a master password is very useful (especially as when you try and view your stored passwords in FireFox you have to reenter it), and yes it is a slight inconvenience to users (less so if you don't close chrome and just hibernate or suspend your PC) but not letting Chrome store any passwords (so know one can see them) is even more of a inconvenience!

Please Google sort this out it really can't be that difficult (um... maybe I should have a look at the chromium code and implement it myself!)

ok tl;dr past the halfway point, but i saw no one touch on this point, which differs entirely from the "everybody being able to see your passwords if they want" angle; when i set chrome to save a password, it's saved, right?  teh next time i visit that site, the password is pre-filled for me.  OR FOR ANYONE ELSE WHO VISITS THAT SITE ON MY BROWSER.

with ff, true - if you cancel the enter master password prompt, it comes back.  boo hoo for the poor soul at my house, having to use my internet and clicking "cancel" three or four times.  

which do i care more about, the fact that my friend has to use his click finger a little more than necessary, or the fact that he can get into my facebook, bank, email account, etc just by visiting the site?  

this issue is keeping me with firefox as well.  

I totally agree with nghtvsion. This ISSUE is also keeping me with firefox. Example: my laptop has it's HD encrypted, is password protected, and would log you out after 5 minutes of inactivity. Still, I find useful to be able to let someone use it and walk away, without him beeing able to access all my login-protected websites.

This is not really a problem for MacOS users, Chrome uses the built-in Keychain access which has pretty fine grained access control.

Cool news ausman. I will buy a Mac in order to use Chrome browser to store my passwords.  Thanks for the good news. I already see the advertisement : "Try Google's advanced browser. It's free. And if you need your passwords secured is easy : just buy a Mac ." LOL

I concur. It's not that hard to implement, don't be douchebags like Apple, and listen to your users. That was why i loved you guys in the first place.

Good to know it is fine with MacOS. Wondering what is doing IE on this issue? They use Crypto API and they don't show saved passwords on IE preferencies. And i really think that doing that it's JUST FINE. 

It will take a lot more time to download and execute a cracking tool, rather than clicking on preferences->Show Passwords.

If the developers think they are making it clear that the "save password" is not secure by adding the "show pass" button (instead of putting a warning), then you should know that YOU ARE WRONG. You should REMOVE THE BUTTON and add a warning. Because people save passwords anyway no matter how insecure it is!

If you are a chrome user, you fall in the following categories:
a) You don't know how insecure it is to save a password => so, you use it.
b) You know how insecure it is, but dont care. => so you use it anyway.
c) You know, and dont use it.

In cases a and b, removing the button (and warn them how insecure it is) will somewhat help them from password stealing from "non-technical users". And that is what we want, and what IE does. We don't care there are a billion cracking tools to steal passwords cause we hope our antivirus will prevent them from running.

@72

There's a difference between obfuscating/hiding the password vs. actually encrypting it via a master password.  This issue is really pushing for the latter, which is a lot more secure.  The former would be vulnerable to a cracking tool like you said, but if my laptop gets stolen and my passwords were encrypted with a master password, the thief *needs* that master password in order to access any of the passwords protected by it.  Otherwise, he has years of brute-forcing ahead of him.

DON'T BE EVIL

Just give us what we are asking for.  Most of us are even asking nicely, suppressing our urge to just blurt out what we're really thinking, which would sound something like "What the H-E-double-HockeySticks could they be THINKING?!?!"

Resistance to such a benign request make me wonder if we should audit CHROME code.  Do _their_ servers have access to our saved passwords?

AND . . . is this some of the first anecdotal evidence that the Google-is-positioning-itself-to-one-day-take-over-the-world conspiracy theory might actually have merit?  (How can you not SEE it?! They even have cars that DRIVE THEMSELVES!!!)

Please, Google.  You have the power to stop the wild speculation.  A shroud of doubt and fear is settling upon us.  Make it stop.

Just add the feature already.

It's not that big of a deal.

The clear text passwords are also a no go for me. But support for other password managers like gnome-keyring and kwallet is already in the dev version, it's still not perfect, but I am watching it closely. When the code is shipped in stable, I could  be satisfied.

Guys, do you know this upcoming features?

I am amazed that this is still getting push-back from Google and it is why I am using Firefox and will migrate to Firefox on my Android as soon as it's stable. Having support for "other password managers" is a kludge. With Firefox my encrypted passwords are automatically synced to every PC I use (and soon to Android). It's easy and I still have local control on each PC.

This is not an issue of evil people remotely stealing my passwords - if that were the case, I would have no problem with Chrome.

This is an issue of me being able to share a computer with my son and not allowing him to access my passwords.

Since there is no tool for us to see how many of us need this master-password must-have implementation, I have created a blog with one pool regarding explicitly this issue. Please vote pro or contra implementing master password in Chrome.
http://securemybrowser.blogspot.com/

I might even go as far to say that the dev is correct: a master password IS actually an 'illusion of security', but that doesn't mean that it isn't adding to security! Local users tries to view password, doesn't have master password. Now they think it's all secure, even though there may be a way for them to hack their way in. It now becomes local access + hard work to get the password rather than just local access. It's an illusion that I'd like to have available.

the problem is, that the passwords can easily be accessed in the browser settings.

sometimes someone else uses my computer. i trust this person not to install a password sniffer on my pc but it is far to easy to get the plaintext passwords. it is too comfortable to get the passwords for all my services, because they are shown in the browser options.
maybe we need no master password. maybe it is enough, when i can protect my stored passwords to be shown in the browser settings easily. please think at least about this.

thanks,
dave

If implemented correctly, a master password is far more than an illusion of security.  The master password can be used to encrypt the passwords that it protects.  With a well-chosen master password, a laptop with stored passwords could get stolen and they'd still be safe.

I agree it's not an illusion of security. For example, Mozilla uses its crypto subsystem it generally uses for SSL and other keys and certificates. It encrypts data with a random key, cyptographically secured with a password. The only way to crack it is by brute force or cryptanalysis - not any easier than breaking any other "real" encrypted material. As elsewhere, it all ultimately depends on your password strength: if you chose 'yo' for a password it might be quite easily cracked; if you use 'Agh4!DreE556.wd4' it is very unlikely anyone would crack it within our lifetimes (with _current_ computers it would take a lifetime of the universe, give or take a trillion years...:)

Turns out that you actually can disable the "Show saved passwords" (in case you want to lend your computer to your sister). 

Here is how: http://superuser.com/questions/11977/hidden-features-of-google-chrome/233940#233940

Showing is one thing, using is another. Firefox will not allow you to use the saved passwords without entering your master password. That is what Chrome should do.

chrome's password manager is not at all good, anyone using my system can  see all my saved password....

do something about it

Someone please contact news sites and report this security flaw. I think so many users don't even know that a silent-keylogger is working inside their browsers. In fact, Chrome is the best keylogger out there in the market:

1. Its a trusted brand
2. It filters passwords specifically
3. It leaves no trace
4. No brainer approach - even my dog can steal my passwords
5. Most internet cafe users have no idea about this security flaw

@85: What are you talking about?

@82 & @84: It's actually better for the password manager to show passwords than to create the already mentioned 'illusion of security'...

Yep.. suckers save their passwords with Google Browsers. Normal people with functional brains are aware that such a quick and awesome browsers are not meant for safe storing of the passwords. 
Developer dudes, why not eliminate this function completely.. If you cannot protect our passwords, why in the name of Science would the browser store them in one place? Please let us know how to completely disable this utterly useless store passwords function from Google Chrome and Chromium browsers. 
 

We really need this feature, but I think this can be an option.

Everytime I start the browser it should ask me for the master password (or in the first time I access a site that has a password saved). This way Chrome will be able to uncrypt the passwords for the current session (or for an amount of time, or both).

Those who don't need this feature (because their users are protected) should disable this function and don't get bored typeing their password everytime they start the browser.

This way, users that need this feature will be safe and happy because we workaround this problem without giving only a 'illusion of security', since it will not be an illusion anymore.
Those users who doesn't need will be happy too, because they will be able to disable this somewhat unnecessary 'double protection'.

We need to be aware that there's not a "common use" of the computer. It is absolutely right that the 'correct way' is to ask everyone to protect their users, but we cannot impose this.

I will borrow my notebook for one week to a coworker to use some software installed in my personal computer. Everything he need to use is configured in my user. If I create another user for him, I'll need to reconfigure everything (what's a pain). So this feature would be handy for me if it exists.

How can users wait from Chrome developing team to understand the problems they are facing when they are so bad organized that they have several threads for the same Issue. 
This Master Password Issues is also discuses here (perhaps other threads also.. don't have time to loose with such lack of support team and search for more) http://code.google.com/p/chromium/issues/detail?id=1397 with the same "ignoring users" solution from the part of the developing team.
Google is wondering why Android phones and tablets didn't reached the level of professionalism of Apple's products?  
Dear Google please stop playing the act of being open source and open minded and start being an open source and open minded company ( at least on those places you say you are).

Would you all please stop being offensively emotional? Apart from the fact that 

--password-store detect

option detects installed password storage support and seem to use them accordingly? (At least uses my gnome pw backend, and I tend to remember the same for KDE.)

@91:
What about the 99% of internet users who don't use Linux?

@92: Apart from commenting the mathematically handicapped I guess I've heard windoze solutions earlier than Linux ones (and spared the snide comments). Pardon me if I don't remember them as I do not use such things, but I guess you can find them if you read carefully. 
But this bug is closed anyway. IIRC other issues run the solutions to the original problem. Feel free to continue. Pardon my intrusion. Have a nice day. :-)

Am a little more confused about what you're saying now than I was before, but you have a nice day too! :-D

Let's be constructive. Linux solution seem to work, I have documented that I guess. Isn't there a working windows solution? I tend to remember something about using windoze's own password system... not my field, though.

If #53 is closed and #1397 is closed, where can we vote on this feature request? 

 Issue 85436  has been merged into this issue.

Ditto comment 96. 
If this bug is closed, then how was the issue resolved?
4 clicks continues to display all passwords in plain text.

Whether or not this is an issue for superusers, it is clearly an issue for typical users who makeup the largest user subset. No disrespect. However, if you feel you have already described a resolution, then I will repeat unequivocally that no comment on the page above indicates a solution in a language I can understand. This remains an open question.

If you sync your data with Google, at the very least, you should be required to sign into your account before accessing passwords. 

Additionally, if you entered your an Encryption Passphrase, if one was set. 

 Issue 1397  has been merged into this issue.

(No comment was entered for this change.)

 Issue 121927  has been merged into this issue.

Isherman...  Maybe you can help:
How do we open this bug again? 

It is an OBVIOUS security failure to not protect the saved passwords from being seen.
A Master Password is DEFINITELY DESIRED by the users, and the fact that there is none is one of the reasons I use Opera now. (The removal of side-tabs is the other reason.)

Thank you for your help.

As somebody who has been CCed on this bug for years and yet still didn't understand it until I talked to Ilya just now, let me try to sum up where we are right now.  There are two different threats that people want to address with a master password:

1. Can somebody logged in as you steal your passwords?
2. Are passwords stored on your hard drive encrypted?

I was worried about #2:  if somebody steals your computer or picks your old hard drive out of the trash, you don't want them to be able to read a password file and get access to all your accounts.

Chrome addresses #2 by storing your password in your operating system's keychain, which is typically encrypted with your login information, which is why you don't get a password prompt when you start your browser.  You can verify that Chrome isn't storing your passwords itself by running sqlite3 on the Login Data file in your config directory.

Other people are worrying about #1.  Hiding your passwords from someone who is sitting at your computer logged in as you *is* illusory security:  it raises the bar only a teeny bit, but for users who don't have a sophisticated understanding of what's going on behind the scenes in a web browser, it can give the false impression that their passwords are safe in this situation.

Someone who calls a solution to #1 illusionary security does not have an understanding of how Firefox deals with this issue.

Firefox effectively addresses that threat because it manages saved passwords itself.  It does not make the flawed assumption that anyone logged in as the user is the user.  Even if an attacker gains access to my machine while it is logged into my user account, Firefox's password store will not be compromised because it is secured independently.  Chrome lacks this safeguard.

That's exactly what they mean by illusory security:  it's not a solution to #1, but it looks like one, so you think you're safe when you're not.  It's raised the bar a teeny bit because a non-technical person doesn't know how to steal your passwords, and that has given you the mistaken impression that it's secure.

If someone is logged into your account, they can copy your Firefox folder and install key-logging software to capture your master password the next time you type it, and they can do it in a matter of seconds without you noticing.  If you don't trust someone with complete access to all your online services, it's very dangerous to let them use your account.

Regarding Comment 104 by [email protected]:

I think this is a version of the 1st world (techy dev) vs. 3rd world (average user) issue. The disconnect being that very technical people, who tend to own (or at least control many details of) the technology they use are making decisions as if their experience is similar to a typical user with limited control of the technology in their sphere. 

I feel I've laid it out best here:
https://groups.google.com/a/googleproductforums.com/forum/#!msg/chrome/FzXClh-kNcw/Bi8qHM8wptoJ
and
https://groups.google.com/a/googleproductforums.com/d/msg/chrome/-/_uo3nSTE_X4J

Furthermore, I think it is important to recognize that raising the bar a *teeny* bit *is* raising the bar. And, what seems a *teeny* impediment to techies can actually be substantial to unsophisticated or accidental criminals in world at large.
Thanks for reading my 2¢.

I love the way that hundreds (if not thousands) of users have requested this feature (including adding additional feature requests that get merged back to this one), yet the developers steadfastly refuse to do WHAT THE USERS WANT!

I've got friends that use IE because "it's already there," and can't see why Firefox is better. I see thousands of users who use Chrome/Chromium because "it's cool," "it's fast," but won't use Firefox because I've learned *it's more secure* (the latest Pwnium proved that easily.) I won't use Chrome/Chromium or its derivatives *until this feature is added* because I prefer to use the "portable" version that doesn't install itself into my user directory (which is the only thing that would keep my Chrome passwords safe!)

Maybe SRWare will implement this in Iron and submit the patches back here...if there is no work to do (SRWare would maintain that code), would that change your mind?

This isn't illusory security at all, but rather a bias on the part of techies that recognizes computer crime only when committed by techie means. Similar to saying that cash in pockets are no safer than cash on an unattended desk, because you won't even know a *proficient* pickpocket has taken your money either way. Which completely misses the mark, because no pickpocketing skills were required to notice some spare $$ on your desk at just the time when...I seem to have run out of money for the candy machine. And, no harm right, because I'll replace it tomorrow morning before anyone misses it. Or, maybe it's easier to forget the whole thing. You won't actually miss it... ;)

The result is the same, cash casually borrowed and not returned or a quick peek at password protected content that leads to credential borrowing, snooping or downright theft. This 'accidental' or 'opportunistic' crime seems like a far more likely threat to most users than that of the master criminal. Perhaps we could even put a little math and gross estimation to this problem.

Assuming we're guarding against opportunistic crime, which is what I'm reading as the concern for most posters. Let's do a tiny bit of math and estimation. Consider the number of literate people in your sphere of influence (~75% of adults globally), you probably compute around people in which this is an underestimation. Now consider the percentage of people you know that can open a web browser or office suite but have no additional computer skills. Devs at Google are probably surrounded by people more technically inclined than this, but surely still have friends and family with minimal computer skills. Perhaps 10% or even 20% of people they interact with typically would have the capability to deploy a data logger to discreetly steal their passwords. If I were to make the same estimate of people I interact with the number however, would be quite a bit lower, perhaps 1% at best. Which I suspect is accurate for the general population. Additionally, the prospective data logger thief must be premeditated, or at least intentional. They don't simply open a page and accidentally log someones data.

So, what we are really comparing is protecting users from opportunistic/accidental criminals who are literate (75% of population) vs highly technically savvy intentional thieves (1% or far, far less of population for most computer users). Tech folks, please do the math. By my estimation and back of the napkin calculation hidden passwords protect against at least 75 times more potential crime than security measures directed at hardened key-logging criminals.

Please read Peter's comment here: http://code.google.com/p/chromium/issues/detail?id=1397#c108

Excerpting the relevant part: 
> If you're concerned about merely "casual snoopers", then you should lock your desktop (it's two keys!)

(The two keys are, on Windows, Win-L.  Other OSes have other simple & quick ways to lock the screen -- e.g. hotcorners on Mac OS X.)

Keylogging is not a "hardened criminal" thing:  someone who wants to snoop and knows how to do a web search can have it going within less than a minute.  There are many good reasons corporate security policies forbid sharing accounts and encourage locking your screen, and this is one of them.

To continue with the colorful physical metaphors:  setting a master password and sharing your account is not like putting your wallet in your pocket;  it's like leaving it on the table, closed with a zip-tie, while you leave the room.  It doesn't take any special skill to steal your money---just a moment of time and a tool anyone can pick up pretty much anywhere.

What is it with you techies running the show here? In your infinite wisdom and intelligence, you don't seem to get the fact that your users want a feature, therefore you should provide it. Yes, some of us understand that the security is just illusionary, that it is very simple to install all kinds of malware and do all kinds of things if given access to someone's computer. I just wonder how you guys could be so smart and yet so dumbfoundedly blind that most no one is talking about the types of malicious users that you keep referring to! What is being referred to is how to take away the opportunity for someone to be tempted to use your password, who would otherwise not be so inclined if it were not just there staring them in the face!!!

And yes, we understand that you use Windows security that means that anyone who is logged in to my account is authenticated to see the password file. Some would argue that this is a design shortcoming that should be overcome - perhaps by providing a second level of authentication as Firefox does it according to some comments. Or, you could implement your own better solution, which is evidently in the works according to one of the developer comments.

What none of this excuses is the fact that for the past 4 years you have been proclaiming things from your lofty perch, whereas you could have done what most user-focused companies would have done and provided your users with something that they had requested - as non-optimal and illusionary as their resulting security would have been. You could have even gone the extra mile when they set a master password to let them know that they should not lull themselves into falsely believing that the extra password is anything but superficial security. Or better yet, you could have provided them with a better solution and be done with it!!!

I aggree with Comment 113....suppose I want to let someone use my desktop and/or my browser, but don't want them snooping in my passwords, or logging into my accounts? I can do that with Firefox, but not with Chrome (and I will *never* use IE).

As a lot of people have said...this is a feature they want added to the browser, and not entirely difficult to do for your talented devs. Instead of being arrogant and stonewalling your users who care enough to comment on this, just write the #@&*!~ code or let someone submit it as a patch and be done with it!

Issue 128907 has been merged into this issue.

Status: WontFix Closed: Sep 2008 Issue 128907 has been merged into this issue.

Why no explanations as to the 'difficulties'? Is it impossible?

Why is it a seemingly complete waste of time for anyone who posts on this password issue?

I really find all this a laugh towards users. The feature we are requesting is dead easy to implement and really handy if you don't want friends (or worse...) peeking around in our passwords.

Fixthis already.

Status: WontFix Closed: Sep 2008 Issue 128907 has been merged into this issue.

Odd that something that isn't necessary, isn't "doable" and isn't secure is being requested over and over by users.

Never mind, I'll just keep using a different browser instead. Maybe the Iron devs will listen to what users are clamoring for...

I agree that this should be added. It's one of the reasons I switched back to FFox. Two thoughts though:
1) It forced me to find another solution. I found lastpass that manages passwords securely across multiple browsers and, stores them securely on the WEB. Of course, I would recommend you never save any passwords to important accounts like bank websites
2) Chrome just unseated IE as the top web browser so they must be doing something right...not everything of course.

This is nothing more than the Chrome developers pretending that ChromeOS and ChromeBrowser are identical... they don't want to implement a master password on the browser because they imagine that the browser IS your OS, and they "already that" on ChromeOS.

If you use ChromeOS, you would have to log into the OS (I hope...) before using the Web (and there simply ISN'T anything else you can do).

If they implement a master password in ChromeBrowser, there is no reason to use ChromeOS, and they can jeer at how "hard" it is to keep your non-chrome OS secure, while it is "simple" to create another login on ChromeOS for another user.

They conveniently "forget" that when you run a REAL OS and have dozens if not hundreds of applications installed other than your browser, it really is NOT simple to create a user ID for another user and let them log in and use anything... it is MUCH simpler to allow them to use your own user account briefly.  (On the other hand, if you use the crippled ChromeOS, you get just a browser... no other apps to manage).

The Devs also "forget" that despite the fact that you could watch over their shoulder to make sure they don't delete all your private documents, it STILL only takes a couple of clicks and they can SEE ALL YOUR PASSWORDS... and what they see for an instant can't be erased from their mind.

Basically, the Devs are saying 'Don't use ChromeBrowser; Use ChromeOS. If you want a full featured browser but don't want our OS, we don't care about you.'

Oh? How come I missed that this was already closed in 2008. 

Funny, all these nerdy comments over 4 years after final closure *chuckle* What a waste of time - please take me to the bright and happy future *whooooow is this fast? it must be chrome, I do not care about anything, I am so - whooooow! I fly!

If a "master password" isn't important, then why are people creating new issues that keep getting folded into this one? Devs, you must be NUTS to keep ignoring USERS!

 Issue 130906  has been merged into this issue.

I'm using LastPass to store my passwords. It has a master password and you have your passwords sync across different browsers. It seems chrome doesn't care about our password security. It's a pity.

Let's say your spouse or children want to use the family machine, but you still have some expectations of privacy vis-a-vis personal accounts.  Does "Win+L" solve this problem?  No it very well does not.  Does "Win+L" prevent casual snooping when you leave the room while a friend checks e-mail or his banking statement or whatever?  No it very well does not.

The simple reality is that this is an easy-to-implement solution that solves a lot of real world problems, and the Chrome developers talk over the heads of their users and claim that it's "false security".  It ISN'T.  At all. 

http://www.howtogeek.com/70146/how-secure-are-your-saved-chrome-browser-passwords/

The password file is encrypted based on your Windows account password (your master password for all intents and purposes).  Even if Chrome asked for a master password that wouldn't prevent another program from being used instead to read the password file and capture your password.

 Issue 136126  has been merged into this issue.

@ [email protected]

"Part of the issue is that if you leave your computer to other people, there are so many ways in which a determined attacker could get hold of your personal data".

Why not starting with making the "determined attacker"'s task more difficult? Say, with the insertion of a master password? Better a master password than all of our passwords here in plain air, don't you think?

I really don't get what's the big issue here. "False sense of security"? Well, you can turn the problem the way you want, but I strongly prefer A master password RATHER THAN NO master password at all.

Regards.

" Issue 136126   has been merged into this issue."

Gee, doesn't it appear that users WANT this feature if they keep requesting it over and over?

I won't use Chrome as my default OR secondary browser until this is fixed.

 Issue 144599  has been merged into this issue.

Why are we now *FOUR YEARS* later, the issue is STILL not addressed  and now on reve. Version 22.0.X.....

WHY WHY the reluctance to implement one?

If nothing else, how about a solution, enough for a "Rookie Techie"--cause them to move to next--say 128-bit encryption?  Not talking BLOWFISH. 

The entire POINT of having a Master Password, is NOT a jail break solution to keep someone *OUT*--we *ALL KNOW*---if someone wants in, they'll get in. 

Ie CIA/NSA/FBI--(amongst other no name targets). Your Normal/average/everyday user simply wants to keep people from obtaining access with NO EFFORT. Friend at lunch, walk to desk, open Chrome, settings, password, BOOM--have the keys to their checking account. 

For example, people know that when they purchase a home security system, it does *NOT* keep the bad people out, the hope is 2-scenarios---1st, simply because you have the appearance of security, they pick the next house (why bother if an alarm system??)

2nd-IF they do choose to attack your home, they have X-minutes before police are called and arrive.

That is what your average user wants/needs (have you *EVER*--seen an "uproar" over the Master Password in Firefox?? Even *ONE* Hack/News article?

The point is, *MOST PEOPLE*--are tolerant of fault. I mean, how does Twitter keep it's user base, with a "Fail Whale" about one time a month???? With a Master Password, they go to bed saying "Well, least I tried" --if "Hacked"(they don't blame anyone)

*HOWEVER*--once Chrome starts getting attacked, people *WILL* ask, "how was a bad guy able to get my password", When explained, it was held in an unencrypted DB, that a freely available tool was used. Even a non-techie can get your passwords using Nirsoft’s Chromepass to get a full list of all usernames/passwords –saved to a flat file in 10-seconds or less!!! 

Even people like my 95-year old Aunt will ask "well, why don't they have a security system, like the neighbors, to keep the bad guys out". 

A VERY LOGICAL question and VERY LOGICAL solution. 

I find it * EXTREMELY* hard to believe there is a "Mission Critical" decision (involving inability to dev. property security/thus have *NO SECURITY AT ALL*). 

PLEASE that statement is *IGNORANT* at best, and were I to put on my tin foil hat, I might even be convinced to believe *THERE IS* a "MISSION CRITICAL* (whatever it might be)--reason *NOT* to encrypt/deploy password protection. 

It makes NO LOGICAL sense, not to imbed one *OR* not to encrypt saved pw's. 

Dear lord, if you think 2-step PW's are "not important, unless fool proof"--Next time you go to lunch, leave your desktop open/without a pw, see what havoc your "techie friends" do on your DEV computer!

That's the most *LOGICAL* way to explain the need. If Chrome does not need it, then *YOU* do not need to lock your Linux desktop when away, you do not need to lock your car, you do not need to lock your door to your home. I mean, it's not "fail safe"--so why bother?

As somebody who uses multiple different devices in different places, the lack of a master password is just ridiculous. How would google even expect to have something like firefox sync, if all a person has to do to get the passwords is simply open chrome/chromium ?

No thank you. Until this is fixed chromium will just be fancy browser used for incognito sessions.

 Issue 124558  has been merged into this issue.

I tried searching for this issue and made my own that is now merged in. THIS IS A PROBLEM AND NEEDS TO BE FIXED.

(No comment was entered for this change.)

Passwords are already encrypted in the "Login Data" file with your OS login information, per issue 99482. This is a problem for two reasons:

1. If you reinstall your OS, you can't migrate your passwords.
2. If you install Chrome on a portable drive, to be used on multiple computers, your passwords will appear blank on all but the original machine.

Would explicit encryption with a master password solve these problems?

 Issue 269914  has been merged into this issue.

 Issue 269914  has been merged into this issue.

 Issue 270133  has been merged into this issue.

Seeing as this is something people have been repeatedly asking for for nearly FIVE YEARS, this is something that the Chromium devs should DO?
It should be trivial to encrypt the passwords with the Master Password rather than the OS login information.

 Issue 270679  has been merged into this issue.

Since I reported this bug in '08 until Mashable reported on it last week (http://mashable.com/2013/08/07/chrome-password-security/), all Chrome users want is some form of authentication immediately before the "show" passwords functions shows your passwords in plain text. That is all we ask.

IMO, the passwords can be encrypted in the "Login Data" file using the OS login information, but additionally, in Chrome while accessing the "manage passwords" form, uppon the first click on "show", a master password should be requested, it does not have to be something very fancy, but would do the work for instance while at work someone misses to lock the laptop and someone else can sneak in and steal all your stored pwds...

The thing that bites me is that keeping my most important passwords (like my bank password) out of Chrome and the Google system on OS X is a serious PITA due to issue 43969. I have to click on 10 "deny" buttons every time I restart Chrome.

Wait, does this mean that I just uploaded all my passwords without encryption onto the Google web-servers?! I got a warning e-Mail from our universities IT department recently that this happens with people pushing their WLAN passwords on Android devices into the cloud.

no, it doesn't mean that at all.  please read the documentation:
http://www.google.com/intl/en/chrome/browser/privacy/whitepaper.html#signin

Issue 330752 has been merged into this issue.

Hey @vapier, any thoughts on my comment #138?

Looks like the issue has been fixed in the current Dev build in Windows.
When pressing the "Show" button, Chrome asks for the user's OS password.

Chrome version: 33.0.1750.5 Dev


Chrome Flags has a flag to disable this:
Disable Password Manager Reauthentication
Mac, Windows

Since Mac is a supported platform to disable the extra authentication, I guess it also works on Mac and not yet on Linux/Chrome OS.

	Chrome password encryption.png 15.8 KB   View   Download