Please tell me why everything needs to be taken so seriously. You wrote:
"...bad guy can dump all your session cookies, grab your history, install malicious extension to intercept all your browsing activity, or install OS user account level monitoring software..."
It sounds like that computer owns nuclear bomb instructions.
Take a breath and one step back:
How about if the kids likes to play with their friend and likes to stole his/her facebook passwords when the friend is in the toilet (others are playing games at the same time with their friend's computer).
Most of the kids do not think about dumping cookies, installing malicious extensions etc. They just like to look the password and use it later.
We do not ask from you to provide any master password. Why not only ask user's credentials (the pure end user, not administrator credentials)?
If I go to your computer while you are in toilet, can I come and change your password? Or can you agree that your following comment was not actually 100% correct:
"...when you grant someone access to your OS user account, that they can get at everything..."
At least mine OS:
1. Ask me the old password before I can change it.
2. I'm running normal end user credentials, so by default I do not have admin credentials. And by this way, I have very limited credentials to do what ever I like...
I would like to ask to think twice until agree Google's reply. And not only because they have so much power on the Internet.
Think about most simplest case: childs John and Jack do their homework on Jack's computer. Jack goes to the toilet and John continue the writing/drawing. Then John gets "brilliand" idea: "Hmmm, why not stole his passwords all around and sell/play them later..."
Is this something which you think never happen?
There is two simple solution to avoid this:
1) Jack is having two accounts: admin and JackTheUser
2) There are no passwords in clear text format unless someone add JackTheUser's credentials. And this must happen everytime you look the passwords.
#1 makes impossible to install any bad software
#2 avoid simple friends to see your passwords
Maybe Justin and Google just doesn't know how to verify user on the OS? Very same way than UAC behaved earlier on Windows.
Some professionals call it layer security: if your front door is open, your safety box is still locked. May I ask, is that something which we do not want?
It sounds like that computer owns nuclear bomb instructions.
Take a breath and one step back: How about if the kids likes to play with their friend and likes to stole his/her facebook passwords when the friend is in the toilet (others are playing games at the same time with their friend's computer).
Most of the kids do not think about dumping cookies, installing malicious extensions etc. They just like to look the password and use it later.
We do not ask from you to provide any master password. Why not only ask user's credentials (the pure end user, not administrator credentials)?
If I go to your computer while you are in toilet, can I come and change your password? Or can you agree that your following comment was not actually 100% correct: "...when you grant someone access to your OS user account, that they can get at everything..."
At least mine OS: 1. Ask me the old password before I can change it. 2. I'm running normal end user credentials, so by default I do not have admin credentials. And by this way, I have very limited credentials to do what ever I like...