Master Password Redux
|Reported by:||david lund||Owned by:|
|Keywords:||master password, plain text issue, security||Cc:|
|Component version:||Operating system type:||Windows|
|Operating system version:|
Master Passwords similar to Firefox etc should be part of any application that stores information of a personal nature. Not as the end all of security solutions that will prevent login information from being compromised, but rather a part of the process to help secure information safely.
While it is easy to argue there is no security ever good enough if you are compromised (which is the argument I have seen so far) it doesnt really take a big picture look at either the request or the argument against it. Arguing that more casual methods to prevent password snooping does not help if a system is compromised is no different than arguing that a compromised system wont log your keystrokes when you manually enter your password.
The big picture view would be that a master password allows a layer of protection from the casual browser who may use my computer while I am on vacation from work, or at lunch, or many other times I am away from my desk. Sure they could install something to keylog, but they could do that even if there is not a master password.
However, it DOES provides a layer of protection from the opportunistic person who is just poking around for fun and might be enticed by something they see, but never take the next step of full on hacking.
From the amount of resistance against something like this, it must be pretty hard to implement but maybe someone is around now who might have an interest in this feature.
Anyway, I personally would like to have something like this in place, think others might too.