Security versus Convenience

Elliott Kember wrote the headline: “Chrome’s insane password security strategy

Kember points out the way Google Chrome manages saved passwords.

There’s no master password, no security, not even a prompt that “these passwords are visible”. Visit chrome://settings/passwords in Chrome if you don’t believe me.

Yes indeed. Unlike Mozilla Firefox, Google Chrome does not offer users to set Master Password. Apple added Passwords Manager in Safari 6; the passwords are actually stored in users’ Keychain.

Justin Schuh, who works on Google Chrome Security according to his Hacker News profile, says that it was a design decision to not include Master Password in Google Chrome.

For most users, there’s a certain level of inconvenience they are willing to tolerate when dealing with security. Unsurprisingly a lot of users are still using obvious passwords or none at all for their computer login. That’s because they prioritize convenience over security.

Security and convenience have an inverse relationship. It would look something like this:

Security-vs-Convenience-Linear

that is true if it is a linear relationship. In reality it looks more something like the following:

Security-vs-Convenience-Curved

It is more like a curve line. More convenience means less security.

The concern about the way Google Chrome manages passwords is valid. At the same time there is a bigger issue with security. Having a Master Password option would be useless if it is the same obvious password people are using for their computer login. Most users using Mozilla Firefox never set the Master Password at all.

Users need to understand why they need to secure their computers. Ultimately the users are the one to set the security level based on their convenience level.

Santa Monica, CA