Google’s Chromium open-source project has revealed what could be a future feature of the Chrome browser: a password generator.
“[Passwords] are easy to use but they are trivial to steal, either through phishing, malware, or a malicious/incompetent site owner,” the design document states, apparently updated on Feb. 14.
As a solution, Google has come up with a way to auto-generate a password, if a user allows it. So far, however, it’s just a work in progress; since it relies on the autocomplete function of a Web site (which must be enabled by the site) Google estimates that it won’t serve to defeat 40 percent to 70 percent of phishing sites.
Google can usually detect if a user clicks on a login field and offer to enter the related password, if a user allows it. Likewise, Chrome can also detect when a user is filling out a password field. When a user then creates a new login and password at a Web site, a “key” icon appears. Clicking it will generate (in Google’s example) a password of “hbXX#2opz7^1,” which contains special characters, numbers, and capital letters – all keys to a cryptographically strong passphrase.
“The reason we don’t just choose a password for them is that many sites have requirements (e.g. must have one digit, must be alphanumeric, must be between 6 and 20 characters) some of which may be contradictory between sites,” Google says. “So we will choose a default generator that will work on most sites, but users may need to change our password if it doesn’t work.”
So how in the world do you remember a password like that? Chances are, you don’t; in fact, that’s Google’s end game.
“Chrome’s long term solution to this problem is browser sign in plus OpenID,” Google said. “While implementing browser sign in is something that we can control, getting most sites on the internet to use OpenID will take a while. In the meantime it would be nice to have a way to achieve the same affect of having the browser control authentication.”
Chromium is the name of the open-source browser project that Google’s Chrome is built upon; check out PCmag.com’s review of Chrome 17 for the latest updates, or our slideshow below. Anyone is free to take the Chrome source and modify or redistribute it according to the terms of the license; Google uses Chromium, and adds its logo, secure PDF viewer, Flash player, and other additions to generate its custom version.
For more from Mark, follow him on Twitter @MarkHachman.
For the top stories in tech, follow us on Twitter at @PCMag.