You're leaving out the time to download, run, then delete the software and any traces that the operation was done. Going to the browser's settings and viewing passwords in plain text requires no installation or execution of code and leaves no trace. It is not as difficult or time consuming. It's kind of back the bike lock analogy: just because someone can take a bolt cutter to it doesn't mean it is pointless to use one.
You're still fundamentally arguing that because a safeguard can be circumvented, there should be no safeguard. There's no question cracking a master password can be accomplished, or even "easily" if you want to insist that, but it is taking extra steps including introducing and running new code and a taking degree of effort that is above and beyond viewing something in plain text in settings. It also assumes foreknowledge of all these things.
And by the way, you also forgot deleting the dumper site from the browser's history, (and DNS/proxy records if they're being logged) using a system password to install the software if the system has that kind of security, and so on. But I digress, the point is not that a master password will keep a determined or informed interloper out, it is that it will "keep an honest person honest."
>You're still fundamentally arguing that because a safeguard can be circumvented, there should be no safeguard.
No. I'm still a bit undecided on whether a safeguard would be worth adding or not. What I'm arguing is that many of the people making points in favor of a safeguard are doing so on weak reasoning, where they overestimate the effectiveness of it against a casual, untrained attacker. No foreknowledge is needed to make a search, and if you find instructions then I very strongly disagree that running a program is harder than navigating settings.
> deleting the dumper site from the browser's history, (and DNS/proxy records if they're being logged) using a system password to install the software if the system has that kind of security
Oh come on. This is supposed to be a casual situation where you let someone use your computer. What kind of history-monitored remote-logging computer is going to have saved passwords and unauthorized access in the first place?
> keep an honest person honest
You already have to enter a page solely for editing passwords and hit specific show buttons per password. There is zero plausible deniability at this point. I think an 'honest' person will already be kept out, and any changes would only matter in marginal situations.
>No. I'm still a bit undecided on whether a safeguard would be worth adding or not.
So what exactly is the harm or downside? Firefox has it. Neither Safari or IE display passwords in this manner either.
>No foreknowledge is needed to make a search, and if you find instructions then I very strongly disagree that running a program is harder than navigating settings.
Making a search is how you would acquire the foreknowledge. I was talking about an unskilled user acting in moment of opportunity - not someone who has researched password cracking and has unfettered access. I would bet that an employer, or an IT department, or a jury would see a difference between downloading & installing software on a machine and just opening the settings on it.
>Oh come on. This is supposed to be a casual situation where you let someone use your computer. What kind of history-monitored remote-logging computer is going to have saved passwords and unauthorized access in the first place?
Look, this could be in the workplace when someone gets up from their desk to go to the bathroom or get a cup of coffee. Chrome is on every platform. Some systems require administrative privilege (and a system password) to install new software but none is required to open chrome and veiw settings. I use a DNS service at home to watch what sites my kids use. I would know (albeit after the fact) if they downloaded a pw dumper. Lots of companies use firewalls and the like too. I was speaking about covering one's tracks - in any setting not just the kind you imagine.
>> keep an honest person honest
It is a reference to an old locksmith saying, specifically: "Locks are on doors only to keep honest people honest."
