Ubuntu – Manage passwords in Chromium –> security risk


I realized that in Chromium (and also Chrome) for Linux it is possible to see all saved passwords in clear text. That seems a bit strange to me… after a short research I found out that

  • it is not like that in the Windows edition of Chrome where you need your Windows password to see your saved passwords in clear text.
  • in Firefox you need a master password to see your saved passwords.

Soo, my questions are the following ones:

  1. If nobody else but me has physical access to my PC, it is a security risk not to have a master password for my saved passwords in Chromium?
  2. Why does Google not implement that same feature for Linux while it exists for Windows???
  3. How save is it in general to save my passwords in Chromium?
  4. I set a synchronisation password in Chromium. Does that mean that my passwords are saved on a google server in ENCRYPTED form so that not even google can read them, even if they wanted? I mean, do they have a key for it in this case?

I am curious for your answers!


Best Answer

Google leaves your Chrome passwords unprotected to promote security. (article)

Google doesn't secure stored passwords, stating that it does not want "to provide users with a false sense of security and encourage risky behavior." Schuh's argument is that if a would-be attacker had access to a user's machine then "the game was lost," as there would be "too many vectors for [the attacker] to get what he wants."

Related Question