> "Houses shouldn't have locks; you've got glass windows, don't you?! It's a false sense of security!"
Chrome's threat model [1] paints a different analogy. In their view—which I do think is reasonable—the OS is the house and Chrome is simply a room in the house. You don't put locks on all of the interior doors of your house to keep out burglars who might've bypassed your front door, do you?
Their threat model makes sense for many users, and it's flawed for many others. One valid criticism that I do support of Chrome's model of handling passwords is the obscurity of it all. Users as a whole should certainly have a much better idea of how their passwords are being handled.
> the OS is the house and Chrome is simply a room in the house. You don't put locks on all of the interior doors of your house to keep out burglars who might've bypassed your front door, do you?
Most single family homes do, in fact, have locks on interior doors. And they're built that way, as that's what most people want.
Chrome's threat model [1] paints a different analogy. In their view—which I do think is reasonable—the OS is the house and Chrome is simply a room in the house. You don't put locks on all of the interior doors of your house to keep out burglars who might've bypassed your front door, do you?
Their threat model makes sense for many users, and it's flawed for many others. One valid criticism that I do support of Chrome's model of handling passwords is the obscurity of it all. Users as a whole should certainly have a much better idea of how their passwords are being handled.
[1] http://www.chromium.org/Home/chromium-security/security-faq#...