Justin Schuh defended Google's reasoning in the wake of this post detailing the "discovery" (sic) that passwords saved in the Chrome password manager can be viewed in plaintext.

I'm the Chrome browser security tech lead, so it might help if I explain our reasoning here. Your password storage is the OS user account. So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account. Beyond that, however, we've found that boundaries within the OS user account just aren't reliable, and are mostly just

Consider the case of someone malicious getting access to your account. Said bad guy can dump all your session cookies, grab your history, install malicious extension to intercept all your browsing activity, or install OS user account level monitoring software.

With those givens, all other things being equal, is LastPass any safer than Chrome? It seems like once malicious software gets on my system, or a bad guy has access, it doesn't matter from a theoretical perspective, I'm 100% compromised. Is that true?

Also, from a practical perspective, is one or the other more likely to be hacked in real life? Are there certain attack vectors which are more common or more successful that would work on one of these or not the other?

PS: I don't care about friends, family or novices gaining access to my account. I'm asking about intelligent malicious hackers.

NOTE: This answer may be outdated due to improvements in Chrome since this answer was written.

First of all, Chrome does encrypt your passwords and other secret data. But there are different aspects to this depending on the setting, plus a few details that you should keep in mind.

When passwords are saved locally on your computer, Google will attempt to use whatever local password vault might exist. So for example, if you're on OSX, that's the system's Keychain.