Storage of passwords in Google Chrome Extension

Question

I started reading Google Chrome\'s documentation, and liked it\'s approach of using HTML and Javascript to create extensions. Reading this tutorial about Local Storage made

Answer 1

You could encrypt and store a user’s password with localStorage (or the Web SQL Database API). But not very securely. Anyone who gained access to the user’s computer could retrieve the ciphertext, pluck the encryption algorithm out of your extension source, and determine the plaintext password.

If feasible, here are a couple more bulletproof solutions:

• Piggyback on the user logging into a web interface. For an example, see the Google Mail Checker.

• Connect to the services through OAuth (or a similar authorization scheme). For an example, see the Google Wave Notifier.