Wednesday, August 7, 2013

Plaintext passwords

I saw this (and this) and instantly thought: seems fair, if you saved the password for a site then anyone with access to the browser can log in to the site. So why not display the password in plaintext if a user wants to see it? The only reason would be to allow users to save a password for a less important site and use the same password on a more important one. That way, if someone got access to the browser they can login to the less important site but not the more important one.

The tradeoff, however, is that showing the password is a great usability feature. If I save the password, I tend to forget it and when I want to log in from somewhere else I need to see the saved one. The Chrome developers chose usability for this case. I would do the same. In fact, I would be upset if I cannot see the password when I want to see it. [Some banks don't let you see your own account number when you log in and I find that silly and upsetting.]

I think the confusion arises from the publicity given to some data breaches where passwords were not encrypted or were hashed without salt. This issue is clearly different from the browser's saved password feature. This issue is comparable to a thief getting access to everyone's money in a bank while the browser issue is more like me getting to count the money in my wallet.