aslihana 4 hours ago

Correct me if I am wrong, but Chrome is (or at least was) keeping passwords as raw text in Windows too. I got a friend's forgotten password from Chrome on a 2021 version.

cj00 4 hours ago | parent | next [-]

Yeah, it's been years, but I remember seeing arguments with Google devs saying if someone had access to your local file system, you're already SOL.

thewebguyd 3 hours ago | parent [-]

I've always hated that argument. Yes, if someone has access to your local file system, you are already SOL, but if that machine is part of an org, they aren't necessarily SOL except for now those plain text passwords can potentially be used for easier lateral movement to hit other, more privileged accounts (if you had access/had them saved in that password manager). At minimum, those credentials can now be used to phish the rest of your organization.

Stopping the spread is just as important as protecting any individual machine.

Hikikomori 3 hours ago | parent | prev [-]

Chrome added app-bound encryption of cookie files in 2024.