Google talks a big game about Chrome OS's security versus other operating systems. One area where it falls short, though, is keeping your passwords safe from the prying eyes of those around you. On competing operating systems like Windows and macOS, viewing saved passwords requires first entering your device password; not so on Chrome OS. That could soon be changing, though, according to a recent commit on the Chromium Gerrit.
Currently, you can view saved passwords on an unlocked Chrome OS device by navigating to chrome://settings/passwords in Chrome or going to Settings > Passwords. They're just sort of there, easily viewable, no authentication required. You can even export them into an easy-to-carry-away CSV file in just a few seconds.
A bug report on the issue was submitted last month; evidently, implementing reauthentication for saved passwords would be tricky. In principle, it doesn't seem like it ought to be; changing lock screen settings on Chrome OS already requires the user's password.
A commit added to the Chromium Gerrit this week makes it seem like meaningful progress is being made, with new comments added as recently as yesterday. In the meantime, it's probably wise to lock your Chromebook any time you step away.
- Chromium Gerrit
- Chrome Story