Long overdue
Good to see Google finally get off their collective butts and make an attempt to fix this gaping hole.
Also, love the idea of using the OS credentials for authentication instead of setting a master password. However, what happens if the user has not set a password for his/her user account?