Local Data Encryption in Chromium

Back in February, I wrote about browser password managers and mentioned that it’s important to understand the threat model when deciding how to implement features and their security protections. Generally speaking, “keeping secrets from yourself” is a fool’s errand, so it’s a waste of time and effort to encrypt data if you have to storeContinue reading “Local Data Encryption in Chromium”

Revealing Passwords

The Microsoft Edge browser, Edge Legacy, and Internet Explorer all offer a convenient mechanism for users to unmask their typing as they edit a password field: Clicking the little eye icon disables the masking dots so that users can see the characters they’re typing: This feature can be very useful for those of us whoContinue reading “Revealing Passwords”

Browser Password Managers: Threat Models

All major browsers have a built-in password manager. So we should use them, right? I Do I use my browser’s password manager because it’s convenient: with sync, I get all of my passwords on all of my devices. This convenience means that I can use a different password for every website, improving my security. ThisContinue reading “Browser Password Managers: Threat Models”