While generally it's good that users don't know their passwords, there are times when they will need them such as when they aren't able to use Chrome. For these cases, we will have a secure password storage web site where users can sign in and view (and possibly export?) their passwords. Since it should be relatively rare that users need this, and since this information is valuable, we are debating adding additional safety checks here, such as a prompt to enable StrongAuth. TODO(gcasto): Add link once this site is live.
PasswordGenerationAgentis responsible for both detecting account creation password fields and properly filling and updating the passwords depending on the users interaction with the UI.
Browser
PasswordGenerationManager takes messages from the renderer and makes an OS specific dropdown. This UI use a PasswordGenerator to create a reasonable password for this site (tries to take in account maxlength attribute, pattern attribute, etc.). If the password is accepted, it is sent back to the renderer.
Caveats
Users must have password sync enabled
Since users are not going to know their passwords, we need to be able to retrieve it for them no matter which computer they are using.
Not all websites can be protected
This feature only works for sites that work with both the password manager and Autofill. Currently this means sites that do signup with only two input fields (e.g. Netflix) aren't covered since Autofill doesn't upload in this case. It also means that sites that don't work with the password manager (e.g. sites that login without navigation) aren't covered.
Users are only protected for new passwords
We will not force users to use this feature, we simply suggest it when they sign up. Eventually we will want to prompt on change password forms as well, though the password manager currently doesn't have this capability.
Feature makes Google a higher value hijacking target
Google is already a high value target so this shouldn't changes much. Moreover it's easier for us to make logging into Google more secure via StrongAUTH than have every site on the internet secure itself. At some point in the future it might also be possible for us to automatically change all of a users passwords when we realize that their account is hijacked.