That doesn't sound good. The more I read, the more Google should have stayed out of the smartphone, tablet, computer and browser market.
I'm glad I use only Safari and Firefox.
Firefox has the exact same system as Chrome. Go to Options in Firefox - Security - Saved Passwords - Show Saved Passwords. Just click yes and there you go.
Try this in Safari. Enable 'Show Develop menu in menu bar' in the advanced tab of the settings. Then go to a website where your password has been saved for auto fill in. Control-click on the password (masked at this point) and select 'inspect element' and change the type from "password" to "text". Your password should be in plain text visible for anyone to see now.
The Safari keychain encryption is easily beaten. Google is right here in saying that from the moment someone has physical access to your computer any extra security is only there to give you a false feeling of security.
In many cases, physical access means "game over" as far as security is concerned.
Did Google screw up? Sure, no question about that. But I wonder what the real answer is. Safari does present a password dialog when you ask it to show passwords, but I would wager that people's Admin passwords are no more secure that whatever they're typing into a form on some website. It's made to be easy because people have so many passwords that they forget which account is for which site. "Normal" people (e.g, my parents) don't use things like 1Password or understand why they need it.
This isn't surprising, but I'm not sure how we move towards a situation where we're all using secure passwords. The idea of a Master Password isn't too bad, but you're (obviously) screwed if it gets out.
Except, forcing the user to enter a "master password" simply gives the user the illusion of security, and really doesn't provide any extra security. Unless the master password is entered EVERY time the user starts up the web browser, the passwords have to either be stored in plain text, or be encrypted, but the decryption key must be stored in plain text. There IS NO SECURITY for most password managers. It simply does not exist. Anyone who knows ANYTHING about computer security would realize this.
The difference is that google is upfront and honest about the issue, whereas apple attempts to hide the passwords using the age old "security by obscurity" model. Making it semi-difficult to get access to the passwords does not make them safer, not when anyone who really wants them can easily get to them.
However, it seems everyone on this forum just wants to bash google because they dare to compete against apple (thus forcing apple to make better products). I swear sometimes I think everyone on this forum must own tons of apple stock and don't really care about apple products or the experience. The primary concern is cutting down competitors, and looking out to ensure that apple makes more profits than the oil companies.
5. Change the minutes of activity to whatever you want.
You have the option of auto-locking after zero minutes of inactivity. You'll need to enter your master password every time Keychain needs to be accessed.
Yep, good find. Here is a detailed how too for those who want to use PhilBoogie's idea. The problem is there are still many workarounds to get website passwords, Chipsy pointed out a major hole a few posts above with Safari. There are very few people who actually follow proper security protocols making most computers extremely vulnerable when they are physically in front of an unwanted user. It still dumbfounds me the amount of people who still use auto login, don't set a firmware password to stop the resetting of the OSX users password through the Installation Tools found on the boot medium and especially don't encrypt their home directories with File Vault. I personally moved my entire home-directory onto a high speed SD card in my Macbook Air. This way I always have my data with me, in which ever device I'm currently using. I know it sounds like an overkill but I think it's really convenient, my data and the fact that the Keychain data is stored under the Library folder in the home directory, their never untended.
To be fair, I copied it from a website. But yes, I do know about this keychain protection, and use it. I don't have auto login, and tell people not to use it either. And explain to them why.
I also have all of my HDD's and SSD encrypted, but don't use FileVault (because of how messy v1 was) v2 supposedly is way better; I should make to time to read up on it.
From the SD Card link, I take it you're using a 64GB card? Does the Air read a SDHC 128GB Card? Someone here ([B]mstone?[/B]) that a 128GB card didn't work with the CCK for iPad use.
I would argue that in the first example (leaving your computer logged on and unattended), the person deserves whatever they get, but in the second example, it actually doesn't happen as often as you might think. I work with hundreds of people who know nothing about computers or viruses and many of them aren't that smart, but only once or twice a year (if that), does anyone get tricked into putting their personal credentials into a web site or email scam.
I was just trying to give examples of cases where someone can gain access to your machine without actually needing to know your login information (hence refuting the "if they have access to your computer they already know your login" argument).
For the second case, I meant buffer overflow attacks where the malicious website/attachment exploits some security hole in your browser/email client, thereby gaining full access to your computer without knowing your login. After that, the payload could be a program which harvests your Google password store and uploads it somewhere.
If it were Apple, this would be on CNN, Fox, and Jon Stewart.
Since this is Google, it's irrelevant. Fanboys and iHaters will simply call this a "feature" and hope everyone forgets about it in a week.
That's because people expect Google to screw up and when Apple does, it's a MAJOR news story, but when Google does something wrong, it's tiny little article that hardly anyone sees. I'm on to Google's lobbying efforts, I wonder how many Nexus Phones or Google Glass they are handing out under the table to people in the media? I wouldn't put it past Google to do that as damage control, but I already know Apple doesn't hand out product like Candy to people in the media. They loan products out for product announcements, but they don't give them away.
To be fair, I copied it from a website. But yes, I do know about this keychain protection, and use it. I don't have auto login, and tell people not to use it either. And explain to them why.
I also have all of my HDD's and SSD encrypted, but don't use FileVault (because of how messy v1 was) v2 supposedly is way better; I should make to time to read up on it.
From the SD Card link, I take it you're using a 64GB card? Does the Air read a SDHC 128GB Card? Someone here (mstone?) that a 128GB card didn't work with the CCK for iPad use.
Oh sorry I wasn't emplying that your howto was incorrect, I just provided a link because it shows why you would want this and has pretty pictures. The 128GB SD cards work fine but there not the fastest. The 64GB was a good compromise between speed and storage.
Oh sorry I wasn't emplying that your howto was incorrect, I just provided a link because it shows why you would want this and has pretty pictures. The 128GB SD cards work fine but there not the fastest. The 64GB was a good compromise between speed and storage.
1) No sorry needed.
2) Yep, better to focus on the balance of speed and storage.
That's because people expect Google to screw up and when Apple does, it's a MAJOR news story, but when Google does something wrong, it's tiny little article that hardly anyone sees. I'm on to Google's lobbying efforts, I wonder how many Nexus Phones or Google Glass they are handing out under the table to people in the media? I wouldn't put it past Google to do that as damage control, but I already know Apple doesn't hand out product like Candy to people in the media. They loan products out for product announcements, but they don't give them away.
To be fair this is not a new story, it has been discussed multiple times over the years. I would also argue that iHaters do their fair share of Google hating as well, your post being a pretty good example. It's our human nature to nip at the heals of the biggest guy on the block, it shouldn't be seen as a bad thing but a sign that Apple is doing well. It's when the industry stops talking about them in any light that you should start being offended.
I haven't heard of any such practice's by Google, bribing reporters with cheap gadgets. Google has always given away free products, especially at their conferences and to reviewers. I visited their campus in Switzerland a year back and you should have seen the swag bag I came home with, Chromebook, T-Shirts and hats for the kids, leather letterman jacket, Google Swatch, Converse with Google colours, Google TV device and a whole lot more. I'm not part of any media outfit, I was just visiting a friend on her birthday. Granted she is a department head and has the keys to the swag room, boy did I raid that place, she kept saying, oh you defiantly want one of these, who was I to argue.
That would be a good argument for a Thunderbolt type storage device the size of a USB stick. Call it a ThunderStick, oh that's kind of dirty. Walk into an Apple store and try to order one of those with a straight face. "Yes, I would like the biggest ThunderStick you have please", Apple clerk with a funny smirk on his face, "maam I don't think that's very appropriate", another clerk jumps in,"it's okay Jay, I think I have what the lady wants", "huh, oh no, wait a minute".
That would be a good argument for a Thunderbolt type storage device the size of a USB stick. Call it a ThunderStick, oh that's kind of dirty. Walk into an Apple store and try to order one of those with a straight face. "Yes, I would like the biggest ThunderStick you have please", Apple clerk with a funny smirk on his face, "maam I don't think that's very appropriate", another clerk jumps in,"it's okay Jay, I think I have what the lady wants", "huh, oh no, wait a minute".
Fortunately they're bus-powered. Otherwise it would be odd to say that your stick ran out of juice.
That's a pretty good system, one of which I wasn't aware of yet. I also like Yubikeys http://www.yubico.com/products/yubikey-hardware/. If you want decent security, using hardware authentication is still your best bet in my opinion.
To be fair this is not a new story, it has been discussed multiple times over the years. I would also argue that iHaters do their fair share of Google hating as well, your post being a pretty good example. It's our human nature to nip at the heals of the biggest guy on the block, it shouldn't be seen as a bad thing but a sign that Apple is doing well. It's when the industry stops talking about them in any light that you should start being offended.
I haven't heard of any such practice's by Google, bribing reporters with cheap gadgets. Google has always given away free products, especially at their conferences and to reviewers. I visited their campus in Switzerland a year back and you should have seen the swag bag I came home with, Chromebook, T-Shirts and hats for the kids, leather letterman jacket, Google Swatch, Converse with Google colours, Google TV device and a whole lot more. I'm not part of any media outfit, I was just visiting a friend on her birthday. Granted she is a department head and has the keys to the swag room, boy did I raid that place, she kept saying, oh you defiantly want one of these, who was I to argue.
WOW, aren't you special. Google to me makes poor code. and doesn't know what they are doing. Boy, your friend sure as heck bought you off. Hook, Line, and SUCKER. I've gotten free stuff from most mfg, but it doesn't mean I'm going to stick up for them.
She GAVE you a Chromebook? Apple does NOT give away computers, they will give away T-shirt and coffee mugs and if they hand out anything more than that its because you did a lot of sales or something else with a customer like invite Apple to have a partner day at a customer's site.
To be fair this is not a new story, it has been discussed multiple times over the years. I would also argue that iHaters do their fair share of Google hating as well, your post being a pretty good example. It's our human nature to nip at the heals of the biggest guy on the block, it shouldn't be seen as a bad thing but a sign that Apple is doing well. It's when the industry stops talking about them in any light that you should start being offended.
I haven't heard of any such practice's by Google, bribing reporters with cheap gadgets. Google has always given away free products, especially at their conferences and to reviewers. I visited their campus in Switzerland a year back and you should have seen the swag bag I came home with, Chromebook, T-Shirts and hats for the kids, leather letterman jacket, Google Swatch, Converse with Google colours, Google TV device and a whole lot more. I'm not part of any media outfit, I was just visiting a friend on her birthday. Granted she is a department head and has the keys to the swag room, boy did I raid that place, she kept saying, oh you defiantly want one of these, who was I to argue.
Yeah, they don't hand out cheap gadgets, they'll hand out expensive gadgets and SWAG. But they gave you expensive stuff, and you're not the media. I wonder how much of these so-called SWAG they give to the media? So, you just validated what I was suspecting.
WOW, aren't you special. Google to me makes poor code. and doesn't know what they are doing. Boy, your friend sure as heck bought you off. Hook, Line, and SUCKER. I've gotten free stuff from most mfg, but it doesn't mean I'm going to stick up for them.
She GAVE you a Chromebook? Apple does NOT give away computers, they will give away T-shirt and coffee mugs and if they hand out anything more than that its because you did a lot of sales or something else with a customer like invite Apple to have a partner day at a customer's site.
We grew up together and if she wanted something from me all she would need to do is ask, not buy me off with silly stuff that I didn't want or ask for, she gave it to my kids, though I did keep the Chromebook, which I have to say I really like. She works in media relationships, used to work for the NY Times Euro Desk. She has more integrity than any person I have ever met and I know she wouldn't buy off any one person for a good story on some blog. The Chromebook I got was a in house development platform, not meant for general use. All of the employees got one, so they threw a bunch of the overstock into the swag room for guests of the facility. Your view of Google is your own business but as I have many friends who work for them and am a long time user of their services I personally like them, especially the way they treat their employees. It is probably the best company to work for.
The feature that makes you enter your account password to view saved credentials in Safari is actually part of the system called Keychain. In fact both Firefox & Chrome could also save your passwords in Keychain as well if they wanted to, they intentionally choose not to.
Also, it isn't your user password that allows you to see the credentials it's your keychain password, it is actually possible to make them different. What happens is when you first create your account on a Mac it uses the password you enter to encrypt your keychain so that the passwords then match. When you login to your Mac it automatically applies that password toward keychain to allow apps that save passwords to automatically log in as well. If someone stole your laptop & reset your user account password using an install disk they can't open your keychain because it's password is impossible to reset without totally wiping out your keychain & starting from scratch (bye bye saved passwords).
Keychain is awesome and for years I've tried to teach users how to open it & create manual entries to keep track of passwords they don't necessarily access via web. Alas even after showing them several times I still know users who keep a text document or sticky note with everything from facebook to bank accounts.
As other posters here have commented under similar circumstances, it requires physical access to your computer (or smartphone or tablet as the argument would be) and so they proclaim it's not that big a deal.
In my opinion it's still not acceptable no matter if a malicious person needs your device in front of him or not. It's even an easy enough fix if Google chooses to do so, which I hope they do.
Perhaps, but since Google's service syncs your passwords across all systems wouldn't this mean that if someone happened to get ahold of your Google account password they could then sign it into chrome & suddenly have all your bank passwords?
Keychain (password store used by Safari) by comparison requires them to sign in to iCloud in order to do this, which then registers your computer serial with Apple & alerts the user by e-mail that someone just setup their icloud account on a new computer.
Comments
Firefox has the exact same system as Chrome. Go to Options in Firefox - Security - Saved Passwords - Show Saved Passwords. Just click yes and there you go.
Try this in Safari. Enable 'Show Develop menu in menu bar' in the advanced tab of the settings. Then go to a website where your password has been saved for auto fill in. Control-click on the password (masked at this point) and select 'inspect element' and change the type from "password" to "text". Your password should be in plain text visible for anyone to see now.
The Safari keychain encryption is easily beaten. Google is right here in saying that from the moment someone has physical access to your computer any extra security is only there to give you a false feeling of security.
Quote:
Originally Posted by CMF
In many cases, physical access means "game over" as far as security is concerned.
Did Google screw up? Sure, no question about that. But I wonder what the real answer is. Safari does present a password dialog when you ask it to show passwords, but I would wager that people's Admin passwords are no more secure that whatever they're typing into a form on some website. It's made to be easy because people have so many passwords that they forget which account is for which site. "Normal" people (e.g, my parents) don't use things like 1Password or understand why they need it.
This isn't surprising, but I'm not sure how we move towards a situation where we're all using secure passwords. The idea of a Master Password isn't too bad, but you're (obviously) screwed if it gets out.
Except, forcing the user to enter a "master password" simply gives the user the illusion of security, and really doesn't provide any extra security. Unless the master password is entered EVERY time the user starts up the web browser, the passwords have to either be stored in plain text, or be encrypted, but the decryption key must be stored in plain text. There IS NO SECURITY for most password managers. It simply does not exist. Anyone who knows ANYTHING about computer security would realize this.
The difference is that google is upfront and honest about the issue, whereas apple attempts to hide the passwords using the age old "security by obscurity" model. Making it semi-difficult to get access to the passwords does not make them safer, not when anyone who really wants them can easily get to them.
However, it seems everyone on this forum just wants to bash google because they dare to compete against apple (thus forcing apple to make better products). I swear sometimes I think everyone on this forum must own tons of apple stock and don't really care about apple products or the experience. The primary concern is cutting down competitors, and looking out to ensure that apple makes more profits than the oil companies.
Phil
Quote:
Originally Posted by patrickwalker
The problem is the flood of passwords to really do anything online anymore. Using the same ones over and over is a terrible idea.
Simple, just store the encryption algorithm(s) in the brain and use the website domain as a seed then every website will have a different password.
Quote:
Originally Posted by PhilBoogie
Good point. Will this work:
Setup autolocking:
1. Launch "Keychain Access".
2. Right click on "login" keychain.
3. Click "Change Settings for Keychain 'login'".
4. Check the "Lock after:" box.
5. Change the minutes of activity to whatever you want.
You have the option of auto-locking after zero minutes of inactivity. You'll need to enter your master password every time Keychain needs to be accessed.
Yep, good find. Here is a detailed how too for those who want to use PhilBoogie's idea. The problem is there are still many workarounds to get website passwords, Chipsy pointed out a major hole a few posts above with Safari. There are very few people who actually follow proper security protocols making most computers extremely vulnerable when they are physically in front of an unwanted user. It still dumbfounds me the amount of people who still use auto login, don't set a firmware password to stop the resetting of the OSX users password through the Installation Tools found on the boot medium and especially don't encrypt their home directories with File Vault. I personally moved my entire home-directory onto a high speed SD card in my Macbook Air. This way I always have my data with me, in which ever device I'm currently using. I know it sounds like an overkill but I think it's really convenient, my data and the fact that the Keychain data is stored under the Library folder in the home directory, their never untended.
I also have all of my HDD's and SSD encrypted, but don't use FileVault (because of how messy v1 was) v2 supposedly is way better; I should make to time to read up on it.
From the SD Card link, I take it you're using a 64GB card? Does the Air read a SDHC 128GB Card? Someone here ([B]mstone?[/B]) that a 128GB card didn't work with the CCK for iPad use.
Quote:
Originally Posted by Gazoobee
I would argue that in the first example (leaving your computer logged on and unattended), the person deserves whatever they get, but in the second example, it actually doesn't happen as often as you might think. I work with hundreds of people who know nothing about computers or viruses and many of them aren't that smart, but only once or twice a year (if that), does anyone get tricked into putting their personal credentials into a web site or email scam.
I was just trying to give examples of cases where someone can gain access to your machine without actually needing to know your login information (hence refuting the "if they have access to your computer they already know your login" argument).
For the second case, I meant buffer overflow attacks where the malicious website/attachment exploits some security hole in your browser/email client, thereby gaining full access to your computer without knowing your login. After that, the payload could be a program which harvests your Google password store and uploads it somewhere.
YES! I finally found this web page! I’ve been looking just for this article for so long!!
Belstaff Jackets
Belstaff Outlet
Belstaff Mens Jackets
Belstaff Motorcycle
Quote:
Originally Posted by sflocal
If it were Apple, this would be on CNN, Fox, and Jon Stewart.
Since this is Google, it's irrelevant. Fanboys and iHaters will simply call this a "feature" and hope everyone forgets about it in a week.
That's because people expect Google to screw up and when Apple does, it's a MAJOR news story, but when Google does something wrong, it's tiny little article that hardly anyone sees. I'm on to Google's lobbying efforts, I wonder how many Nexus Phones or Google Glass they are handing out under the table to people in the media? I wouldn't put it past Google to do that as damage control, but I already know Apple doesn't hand out product like Candy to people in the media. They loan products out for product announcements, but they don't give them away.
Oh sorry I wasn't emplying that your howto was incorrect, I just provided a link because it shows why you would want this and has pretty pictures. The 128GB SD cards work fine but there not the fastest. The 64GB was a good compromise between speed and storage.
1) No sorry needed.
2) Yep, better to focus on the balance of speed and storage.
3) So, ok, the Air does take 128GB cards; thanks.
4) Some put a small portion of their Fusion Drive on an USB stick; creating a Security Key. That way the Mac can only boot with the USB stick in it. Mentioned here:
http://forums.appleinsider.com/t/155321/apples-fusion-drive-now-available-on-new-entry-level-21-5-imac-orders/80
To be fair this is not a new story, it has been discussed multiple times over the years. I would also argue that iHaters do their fair share of Google hating as well, your post being a pretty good example. It's our human nature to nip at the heals of the biggest guy on the block, it shouldn't be seen as a bad thing but a sign that Apple is doing well. It's when the industry stops talking about them in any light that you should start being offended.
I haven't heard of any such practice's by Google, bribing reporters with cheap gadgets. Google has always given away free products, especially at their conferences and to reviewers. I visited their campus in Switzerland a year back and you should have seen the swag bag I came home with, Chromebook, T-Shirts and hats for the kids, leather letterman jacket, Google Swatch, Converse with Google colours, Google TV device and a whole lot more. I'm not part of any media outfit, I was just visiting a friend on her birthday. Granted she is a department head and has the keys to the swag room, boy did I raid that place, she kept saying, oh you defiantly want one of these, who was I to argue.
That would be a good argument for a Thunderbolt type storage device the size of a USB stick. Call it a ThunderStick, oh that's kind of dirty. Walk into an Apple store and try to order one of those with a straight face. "Yes, I would like the biggest ThunderStick you have please", Apple clerk with a funny smirk on his face, "maam I don't think that's very appropriate", another clerk jumps in,"it's okay Jay, I think I have what the lady wants", "huh, oh no, wait a minute".
Fortunately they're bus-powered. Otherwise it would be odd to say that your stick ran out of juice.
That's a pretty good system, one of which I wasn't aware of yet. I also like Yubikeys http://www.yubico.com/products/yubikey-hardware/. If you want decent security, using hardware authentication is still your best bet in my opinion.
Quote:
Originally Posted by Relic
To be fair this is not a new story, it has been discussed multiple times over the years. I would also argue that iHaters do their fair share of Google hating as well, your post being a pretty good example. It's our human nature to nip at the heals of the biggest guy on the block, it shouldn't be seen as a bad thing but a sign that Apple is doing well. It's when the industry stops talking about them in any light that you should start being offended.
I haven't heard of any such practice's by Google, bribing reporters with cheap gadgets. Google has always given away free products, especially at their conferences and to reviewers. I visited their campus in Switzerland a year back and you should have seen the swag bag I came home with, Chromebook, T-Shirts and hats for the kids, leather letterman jacket, Google Swatch, Converse with Google colours, Google TV device and a whole lot more. I'm not part of any media outfit, I was just visiting a friend on her birthday. Granted she is a department head and has the keys to the swag room, boy did I raid that place, she kept saying, oh you defiantly want one of these, who was I to argue.
WOW, aren't you special. Google to me makes poor code. and doesn't know what they are doing. Boy, your friend sure as heck bought you off. Hook, Line, and SUCKER. I've gotten free stuff from most mfg, but it doesn't mean I'm going to stick up for them.
She GAVE you a Chromebook? Apple does NOT give away computers, they will give away T-shirt and coffee mugs and if they hand out anything more than that its because you did a lot of sales or something else with a customer like invite Apple to have a partner day at a customer's site.
Quote:
Originally Posted by Relic
To be fair this is not a new story, it has been discussed multiple times over the years. I would also argue that iHaters do their fair share of Google hating as well, your post being a pretty good example. It's our human nature to nip at the heals of the biggest guy on the block, it shouldn't be seen as a bad thing but a sign that Apple is doing well. It's when the industry stops talking about them in any light that you should start being offended.
I haven't heard of any such practice's by Google, bribing reporters with cheap gadgets. Google has always given away free products, especially at their conferences and to reviewers. I visited their campus in Switzerland a year back and you should have seen the swag bag I came home with, Chromebook, T-Shirts and hats for the kids, leather letterman jacket, Google Swatch, Converse with Google colours, Google TV device and a whole lot more. I'm not part of any media outfit, I was just visiting a friend on her birthday. Granted she is a department head and has the keys to the swag room, boy did I raid that place, she kept saying, oh you defiantly want one of these, who was I to argue.
Yeah, they don't hand out cheap gadgets, they'll hand out expensive gadgets and SWAG. But they gave you expensive stuff, and you're not the media. I wonder how much of these so-called SWAG they give to the media? So, you just validated what I was suspecting.
Quote:
Originally Posted by drblank
WOW, aren't you special. Google to me makes poor code. and doesn't know what they are doing. Boy, your friend sure as heck bought you off. Hook, Line, and SUCKER. I've gotten free stuff from most mfg, but it doesn't mean I'm going to stick up for them.
She GAVE you a Chromebook? Apple does NOT give away computers, they will give away T-shirt and coffee mugs and if they hand out anything more than that its because you did a lot of sales or something else with a customer like invite Apple to have a partner day at a customer's site.
We grew up together and if she wanted something from me all she would need to do is ask, not buy me off with silly stuff that I didn't want or ask for, she gave it to my kids, though I did keep the Chromebook, which I have to say I really like. She works in media relationships, used to work for the NY Times Euro Desk. She has more integrity than any person I have ever met and I know she wouldn't buy off any one person for a good story on some blog. The Chromebook I got was a in house development platform, not meant for general use. All of the employees got one, so they threw a bunch of the overstock into the swag room for guests of the facility. Your view of Google is your own business but as I have many friends who work for them and am a long time user of their services I personally like them, especially the way they treat their employees. It is probably the best company to work for.
Also, it isn't your user password that allows you to see the credentials it's your keychain password, it is actually possible to make them different. What happens is when you first create your account on a Mac it uses the password you enter to encrypt your keychain so that the passwords then match. When you login to your Mac it automatically applies that password toward keychain to allow apps that save passwords to automatically log in as well. If someone stole your laptop & reset your user account password using an install disk they can't open your keychain because it's password is impossible to reset without totally wiping out your keychain & starting from scratch (bye bye saved passwords).
Keychain is awesome and for years I've tried to teach users how to open it & create manual entries to keep track of passwords they don't necessarily access via web. Alas even after showing them several times I still know users who keep a text document or sticky note with everything from facebook to bank accounts.
Quote:
Originally Posted by Gatorguy
As other posters here have commented under similar circumstances, it requires physical access to your computer (or smartphone or tablet as the argument would be) and so they proclaim it's not that big a deal.
In my opinion it's still not acceptable no matter if a malicious person needs your device in front of him or not. It's even an easy enough fix if Google chooses to do so, which I hope they do.
Perhaps, but since Google's service syncs your passwords across all systems wouldn't this mean that if someone happened to get ahold of your Google account password they could then sign it into chrome & suddenly have all your bank passwords?
Keychain (password store used by Safari) by comparison requires them to sign in to iCloud in order to do this, which then registers your computer serial with Apple & alerts the user by e-mail that someone just setup their icloud account on a new computer.