9
votes

I'm writing a Chrome extension right now which autofills credentials, similar to Chrome's autofill (in cases where Chrome's autofill fails).

Is there a secure way to store the username/password in localStorage (all client-side)? If I encrypt the password, won't the key be locally stored as well, effectively making the encryption useless?

Effectively, I want the user's credentials to be as secure as they would be if Chrome itself was storing the credentials in its password manager.

EDIT: Is storing the encrypted password in localStorage and the key in a text file within the extension directory a safe idea?


3 Answers

9
votes

This is a lightning-rod issue. See http://blog.elliottkember.com/chromes-insane-password-security-strategy for more. The position most consistent with Chrome's would be to encourage your users to use whole-disk encryption and to lock their screen when away from a logged-in machine. It's difficult for userland code like an extension (or a browser, for that matter) to properly implement secure storage, where "properly" means "resistant to a password-recovery utility that anyone can download from the internet."

You should file a feature request. It might be possible to expose a system-level API that does provide similar security to the underlying OS's keychain.

0
votes

"If I encrypt the password, won't the key be locally stored as well effectively making the encryption useless?"

Yes, it would, and yes, all client-side "encryption" is visible to the user or anyone who has access to the machine and is therefore pretty much useless, except perhaps for the purpose of obfuscation: anyone with a copy of your hard drive won't immediately be able to tell the password in plain text. This may or may not be an advantage, e.g. if using device-specific data such as hardware UIDs to generate a key for encryption, someone who gets the encrypted data won't be able to decode it right away without knowing the UID. Generally, though, you'd assume someone with access to the "encrypted" password would also have access to the machine in some way, so all in all, again, user-side encryption doesn't really make a lot of sense when performed in the browser.

-1
votes

As far as I know, local storage is not a secure place for storing the password or other sensitive details. Check out the link below; one of the people has commented on using the JavaScript 64-bit encoding and decoding scheme, but I don't know how far that method will prove to be useful for what you are trying to achieve.

https://getsatisfaction.com/apperyio/topics/how_to_save_account_password_securely_on_local_storage

Hope this helps!