> Things like unprintable email is a bad joke. Unprintable? What if I connect to Gmail with mutt? It gives the sense of a false security
Funny when you look at Chrome where they don't protect saved passwords to avoid giving users a "false sense of security and encouraging dangerous behavior"[1], which seems to be a valid argument here too
What possible protection could you have in a non-master password scenario? If you’ve decided that you don’t want the user to have to enter a password, it’s game over from a perspective of trying to keep the password from being retrieved by an attacker with local execution. Even with a master password, you’re only safe until you enter it, then the attacker has that info as well.
It used to be that you had to use Chrome's dev tools to inspect a password field and change it to a text field to see someone's password. These days not even that is required as the password is plainly visible as a element attribute called data-initial-value.
Funny when you look at Chrome where they don't protect saved passwords to avoid giving users a "false sense of security and encouraging dangerous behavior"[1], which seems to be a valid argument here too
[1] https://news.ycombinator.com/item?id=6166886