Change theme
Help
Press space for more information.
Show links for this issue (Shortcut: i, l)
Copy issue ID
Previous Issue (Shortcut: k)
Next Issue (Shortcut: j)
Sign in to use full features.
Vote: I am impacted
Notification menu
Refresh (Shortcut: Shift+r)
Go home (Shortcut: u)
Pending code changes (auto-populated)
Maintained by go/gitwatcher - Please do not modify manually. [ID: 762704]
Maintained by go/gitwatcher - Please do not modify manually. [ID: 762733]
View issue level access limits(Press Alt + Right arrow for more information)
Request for new functionality
View staffing
Description
Comments from monorail:
reillyg@google.com: Chrome OS settings should allow the user to reveal the saved password for any WiFi network the system remembers.
The use case for this is that people forget their WiFi passwords all the time and their computer may be the only device that remembers it. Resetting your WiFi password causes more problems than it solves because now every other device in the home needs to be updated as well.
Given that Chrome allows the user to view passwords saved for auto-fill there doesn't seem to be any security benefit to hiding saved WiFi passwords either.
-----------------------------------
stevenjb@google.com: We intentionally do not send WiFi passwords from Shill to Chrome to increase WiFi security, so this information is not currently available to the UI even if we decided we should implement this.
I am not a security expert, but I belive that there were thoughtful reasons for this. (e.g autofill is opt-in and saving a WiFi password is not, compramising a WiFi passowrd affects more than just the user/device, etc).
Changing the component since this would first require a Shill change, but I suspect that this will likely be resolved WontFix.
-----------------------------------
khorimoto@google.com: FYI, jonmann@ is working on Wi-Fi Sync (syncs Wi-Fi credentials between devices), and part of this change requires that we send passwords from Shill to Chrome, where the sync code resides.
Jon has written a design document for this and plans to start implementation soon; see go/shill-credentials-dd.
-----------------------------------
jonmann@google.com: If we intend to expose saved passwords through the UI then I would modify that design to include the password in the synced dictionary between shill and chrome, rather than adding a one-off function.
Given the comments in #2, is this something that is still desired? Has there been a security review?
-----------------------------------
unknown user: I would appreciate syncing WiFi across devices.
-----------------------------------
unknown user: Any info on this? All major OSs support this (Windows, Linux, macOS, iOS, Android), Chrome OS is the only one that doesn't and this makes the experience really frustrating.
Thank you!
-----------------------------------