Passwords on the Internet are a necessary evil. They can help protect your accounts, but are easily stolen by various means. People, including myself, are also not very creative so we end up using the same passwords for every site making ourselves even more vulnerable. A new extension for Chrome seeks to remedy the problem.
The Chromium Projects page features a new design document that details a password generator for Chome that seeks to make passwords harder for people to steal by not even having the account holder know the password. It's somewhat scary due to the user not being able to know their own passwords anymore, but in theory it might just work.
The extension’s first job is to detect when a user is on a sign up page that requires a password. If the extension determines that the user is on a sign up page, it will put a small key symbol in the password box. Clicking on the key opens a dialog box that asks the user if they want Chrome to manage the password for them.
If they choose to let Chrome handle the password, a new dialog box will pop up with a random password. The generator will use a single generator for all sites that should be compatible with any random requirements the site has, including the sites that require alphanumeric punctuation laden passwords.
A potential problem will be sites that don’t allow the autocomplete function to operate on their page. This would make any attempt at saving the password that was just generated useless as the user doesn’t know it and the browser didn’t save it.
The team feels that the extension will be able to handle other types of Web pages that deal with passwords including those for changing a password. It’s all a matter of having the extension recognize the page. The extension should also be able to fill in the space for the old password when changing to a new one.
Of course, not everybody can use Chrome all the time. There may be a time when a change to a different browser is required. At those times, they want to have a Web site where users can sign in to access their passwords.
Some of the anticipated problems include not being able to function on all Web sites, old passwords are still unprotected, doesn’t work with Google’s GAIA single sign-in feature and could make Google a higher priority hack target.
It’s an interesting feature and I’m sure a lot of people would use it to gain some peace of mind, but I don’t know if I would let an extension create passwords for me.