Feeds

back to article Chrome makes new password grab in version 34

Google has announced that Chrome 34 is now stable enough to be promoted to the Stable Channel. In a few days it will therefore become the default version for millions of users. Most of the updates to the browser are anodyne: there are 30-odd security fixes, a new look on Windows 8 and what Google labels “Lots of under the hood …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

My passwords are mine, only mine, so just piss off.

9
6

@Lars - fine, then switch it off. Personally I choose convenience over a (slight) risk in security. That's my choice and you can have yours. What's the problem?

What I really don't like is the site - even somewhere like the Open University - forcing me to type the bloody password every time, when I would rather not bother.

18
1
Silver badge

Chrome...

...deleted

9
13

Re: Chrome...

Why even use Chrome in the first place when there's Chromium, Iron and Dragon. Same engine. Maxthon is kind of interesting also. I find I need backup browsers for when, say, Firefox wants to open each and every flash object on a page. All at once....

0
0
Silver badge
Devil

Nup

I've never trusted it and I never will.

10
2
Anonymous Coward

Fortunately, there is still Firefox

Nuff said

8
4
Silver badge

Re: Fortunately, there is still Firefox

But for how long before they join the data leeches?

1
1
Anonymous Coward

Re: Fortunately, there is still Firefox

No there isn't. Nobody should use a browser that is made by people who don't support freedom of expression.

3
31
Silver badge
WTF?

Re: Fortunately, there is still Firefox

" Nobody should use a browser that is made by people who don't support freedom of expression."

I'm about to put all my computers in a skip, I am now ashamed to use any tech, any more.

Most of my clothes will also go, my pushbike, my car, I won't be eating anything either.

I refuse to acknowlede the existance of the ISS or NASA.

I am ashamed to have ever bought anything in my life, ever.

I don't even know why I'm even typing this using a box of chips that has been made using the blood of newborn babies and fluffy bunnies.

What sort of closeted, isolated Shangri-La do you live in?

21
1
Anonymous Coward

Re: Nobody should use a browser blah blah

Stop using JavaScript for all sites then.

Stop being a cock too.

7
1
Bronze badge
Happy

Re: Fortunately, there is still Firefox

Have an upvote from me due to best joke of the day

0
0
Anonymous Coward

Re: Fortunately, there is still Firefox

Did I read somewhere recently that Firefox is being kept alive with funding from Google?

0
0
Silver badge

Re: Fortunately, there is still Firefox

"No there isn't. Nobody should use a browser that is made by people who don't support freedom of expression."

The CEO responsible for that was fired the other day.

Do try and keep up.

Or was that sarcasm? If so, for future reference, please remember to use "/sarcasm" tag. Thank you.

1
1
Anonymous Coward

Re: Fortunately, there is still Firefox

It was indeed sarcasm. Should need to add a tag, and you lot need to stop taking yourselves so seriously. 30 downvotes? 30 retards...

0
0
G2
FAIL

@article author: reading comprehension FAIL

quote:

That means that even if users turn off Chrome's feature that collects and automatically enters their login credentials to web services, the browser will nonetheless make the offer to do so.

/quote

NO, that's not what it means, you totally misunderstood the change... if the user turns off the password manager then it stays off.

This change affects only when a web SITE specifies the parameter autocomplete=off on a password input field, the browser will ignore that and instead will use the USER's preference instead of the SITE's preference: if the user has the password manager enabled then it will use that for autocomplete. If the user has disabled the password manager then it stays disabled.

29
0
Silver badge

Re: @article author: reading comprehension FAIL

Thanks for the correction. Looks like the Reg has modified the article now.

Now, if that's what happening, then it makes a lit more sense. No objections from me.

4
0

Re: @article author: reading comprehension FAIL

What you say makes sense. So I upgraded to v34 and tried it out by logging into a couple of sites. No request to save password.

0
0
Bronze badge
Stop

Re: @article author: reading comprehension FAIL

@G2

This change affects only when a web SITE specifies the parameter autocomplete=off on a password input field, the browser will ignore that and instead will use the USER's preference instead of the SITE's preference: if the user has the password manager enabled then it will use that for autocomplete. If the user has disabled the password manager then it stays disabled.

So Google, and apparently you, think that it is OK to break W3C HTML5?

3
5

Re: @article author: reading comprehension FAIL

"So Google, and apparently you, think that it is OK to break W3C HTML5?"

Fuck yeah. Its a mark up language, not a contract.

14
2
Def
Bronze badge

Re: @article author: reading comprehension FAIL

So Google, and apparently you, think that it is OK to break W3C HTML5?

Google have always had a fairly cavalier attitude to standards anyway. They're as bad today as Microsoft used to be.

Also, does Chrome store your passwords in the cloud so you can access them from anywhere? While I certainly hope they don't, nothing would surprise me.

6
3
Silver badge

Re: OK to break W3C HTML5

It's a "living standard". Once Google push this to all the Chrome desktop users it IS the standard!

0
2

Re: @article author: reading comprehension FAIL

Also, does Chrome store your passwords in the cloud so you can access them from anywhere? While I certainly hope they don't, nothing would surprise me.

If you have browser sync enabled Chrome copies your favourites, and autocomplete to a hidden file in your Google Drive, then if you log into Chrome from a different computer your settings are copied to that browser.

I knew it did the favourites, but I wasn't aware it synced autocomplete until I installed Chrome on a new PC at the weekend.

I'm not sure if I like this idea or not, depends who secure the encryption is on Google Drive

0
0
Bronze badge
Joke

Re: @article author: reading comprehension FAIL

@zooooooom

"So Google, and apparently you, think that it is OK to break W3C HTML5?"

Fuck yeah. Its a mark up language, not a contract.

So, you would be a systems/hardware person then?

4
5
Silver badge

Re: @article author: reading comprehension FAIL

From the spec itself*:

"A user agent may allow the user to override an element's autofill field name, e.g. to change it from "off" to "on" to allow values to be remembered and prefilled despite the page author's objections, or to always "off", never remembering values. However, user agents should not allow users to trivially override the autofill field name from "off" to "on" or other values, as there are significant security implications for the user if all values are always remembered, regardless of the site's preferences."

In other words, google are following the spec to the letter on this one.

*source http://www.w3.org/TR/html51/forms.html#attr-fe-autocomplete

6
1
G2

Re: @article author: reading comprehension FAIL

quote:

So Google, and apparently you, think that it is OK to break W3C HTML5?

/quote

on the contrary, this behavior is mandated by the W3C HTML principles:

http://www.w3.org/TR/html-design-principles/#priority-of-constituencies

what's happening is that all the OTHER browsers are breaking the HTML design principles by forcing a user to do what a site wants (disabling the autocomplete) instead of prioritizing the user's wishes. In this case Chrome might be the first browser to actually comply with the W3C principles.

Now.. the problem here is that while browsers come with password managers and they ask the user if they want to save the password, a lot of people will click "yes" without thinking...

What the browser designers should have done instead of just blindly clicking on a "yes" button is forcing the user to think when they save a password.

Instead of just clicking that button they should be presented with a more puzzling challenge, e.g. solving a captcha or typing the "yes" answer themselves.

3
1

I've uninstalled Chrome from all my machines after the last update that installed itself as a background service on ALL my PCs that had it installed.

I find IE a pretty capable browser these days. Might give Opera another go though.

2
0
Def
Bronze badge

Might give Opera another go though.

Opera is just Chromium these days, and it's total piece of shit. Version 12 was the last real Opera. I'm currently pondering which browser I should migrate to.

Maybe I'll write my own. (Or at least drop my own UI on top of the more standardised components out there.)

5
0
Bronze badge

Chrome warned me about running as a background service and asked me permission to do so.

You can turn it off in the advanced settings, it's not difficult to find for someone technically competent

0
0
Anonymous Coward

@Chris Ashworth

Can't comment on the latest version of Opera as it isn't available on Linux where I spend most of my time, but it's been getting a lot of unfavourable comments in their forums.(Bookmarks in particular.) I'm looking at moving away from Opera because 12, while being nice to use, tends to stall on a lot of pages at the last element and it tends to go mental if I want to look at Flash stuff. Don't like the feel of Chrome and Midori, which I had hopes for, puts massive black borders around any text entry fields if you have the wrong theme (GTK?) selected. Looks like it's going to be Firefox for me all the time soon, though I've never really been a fan. Probably gonna ditch Kontact too, in favour of Thunderbird. Because Akonadi is *sooo* great.

0
0
Silver badge
FAIL

re: google update

The problem is that the installer ignores the currently installed version's parameter setting? Why? Do they think I turned off automatic updates by mistake?

0
0

I don't mind it installing itself as a service on my main machine after asking permission.

What I do mind is it automatically installing itself onto every other machine I had Chrome on...HTPCs/servers etc.

Simpler to just uninstall than faff about in settings. Chrome was good for giving the competition a kick up the arse...but these days it has no benefits over them, and a major downside (i.e. constantly having to be on your guard for 'new features' that are hooking you deeper into the googleplex). No thanks.

1
0
Silver badge

I'm not entirely opposed...

...to storing passwords somewhere, I just don't think that place should be the browser. It seems way too public a place to store them, both against external and, um... potential domestic threats, even encrypted behind a "master password". If I ever start using stored passwords, they should at the very least be auto-typed from my phone or another personal physical token - obviously, a challenge-based approach would be better than typing in a plaintext password but I have no idea how that could be achieved with the currently ubiquitous login boxes.

0
0
Silver badge

Re: I'm not entirely opposed...

Well, I already know someone who's putting together a devastatingly simple and deliciously geeky thing. It involves an Arduino, a keypad, a chopped up USB cable, and enough code to say "oh hello computer, I am a keyboard."

Tap a PIN on the keypad. The Arduino fires a password over the USB cable. Magic password storing box. Tada.

3
0

Re: I'm not entirely opposed...

Don't want to spoil your friend's Arduino fun but hasn't this been done already? (Yubikey)

0
0
Silver badge

Re: I'm not entirely opposed...

Unsure. If I remember right, the idea of this thing is to use the URL, some other information and a salt to construct a hash, so you get a unique password for every site, without having to even make up a password.

The person I'm on about is a commentard here, so if they see this message, I'm sure they'll elaborate.

1
0
Bronze badge

Re: I'm not entirely opposed...

"and enough code to say 'oh hello computer, I am a keyboard.' "

" the idea of this thing is to use the URL"

Keyboards aren't told the URL of a web page so there must be more to it than that.

1
0
Anonymous Coward

Re: I'm not entirely opposed... @Joe Harrison

No reason not to do it yourself though, as I'm sure you'd agree. Even if it's been done before it's much easier to learn about programming if you have something to program. Exercises from textbooks or whatever are good, but something you actually want is better :)

1
0

This post has been deleted by its author

Anonymous Coward

Re: I'm not entirely opposed...

Well, I wasn't going for quite that. It displays the password on a small screen to type in. The trick is that the device doesn't have a master password as such - it has no persistent storage at all.

1. Enter 'master password'

2. Enter name of site.

3. Device outputs a printable-character representation of a truncated sha1 of whatever you just typed in.

Thus no worry about losing the device, and no possibility of someone cracking it somehow if they steal it. Every site gets a unique password.

0
0

Re: I'm not entirely opposed...

That sounds an awful lot like security through obscurity

0
0
Bronze badge

Re: I'm not entirely opposed...

So if your master password gets compromised then anyone anywhere will be able to work out the passwords to any sites you use?

If you forget the master password you lose access to all sites?

If you wish to change your master password you have to change the password on every site you've ever used?

You have to keep the device with you wherever you go?

You would have to type whole URLs and Master Password onto - i presume a small keyboard every time you want to visit a site?

Surely - KeePass or similar would be far easier.

0
0

I became more paranoid a few months ago and started using a password safe which can also generate passwords. Before this my passwords were pretty much the same with some variations. It's a pain when you want to logon somewhere where you can't open the safe but ill deal with it.

The ammount of credentials cached by browsers and their ease of access was rather straight forward. To easy for my liking. I'll keep avoiding Chrome thanks.

4
0
Meh

It's a shame Chrome can delete it CEO like Firefox can.

Don't be Evil → Don't be greedy

0
0
Silver badge
Happy

Thanks Google...

...now just need to wait for the Iron release

3
0

If you must use chrome, I'd go with Iron - less "features"

No unique Installation-ID sent to Google

No Suggestions (remote logging of everything you type to google)

No Alternate Error Pages

4
0
Silver badge

re: alternate error pages

I agree. At least firefox still allows you to display the error codes.

0
0
Bronze badge
Big Brother

Beyond parody

Google "Don't be evil" indeed.

3
3
Anonymous Coward

Re: Beyond parody

How is this in any way evil? It follows the W3C spec which says a user should decide whether to honour the autocomplete field. It also gives you the option of turning this off for this one site or all sites.

Anyone who doesn't want Google to store their passwords doesn't have to (any it is simple for even non-tech literate users to do this) but for people who do this it stops them having to use easy to remember passwords or write them down.

2
1
WTF?

hmmmmm

They must of read how to annoy users and alienate their user base.

2
4
Bronze badge
WTF?

Re: hmmmmm

How is giving the user the choice to use this or not, annoying and alienating them?

Next you'll be saying that removing options that people use makes those users happy?!

1
0

Page:

This topic is closed for new posts.