Technology

37608 readers

225 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

Saving Passwords In Your Browser? You Shouldn't: Here's Why (www.makeuseof.com)

submitted 1 year ago by [email protected] to c/[email protected]

7 comments fedilink hide all child comments

top 6 comments

sorted by: hot top controversial new old

[–] [email protected] 7 points 1 year ago (1 children)

Completely disagree. Using the Firefox master password feature passwords are safe even in the context of sharing a device or an extension. In addition, multi-FA isn't necessarily a safer option.

And what's the provided alternative? A password manager. So storing passwords somewhere else that may leak, and in fact has leaked, and is by its nature a high value target.

Each person has to consider their particular situation and threat model, but a well-secured browser that stores passwords locally can be a perfectly adequate and in fact safer alternative than a password manager.

[–] [email protected] 2 points 1 year ago (1 children)

Simple solution for password manager leakage - KeepassXC or selfhosted bitwarden. All blame is on you then.

[–] [email protected] 3 points 1 year ago (1 children)

Right, so everyone should just do without synchronization to mobile devices or set up their own Bitwarden. That sounds like a solution for the masses.

[–] [email protected] 2 points 1 year ago

If you are using a browser with password sync, you have the same possible data leakage problem as with a password manager.

If you aren't using a browser with sync, then you... have no sync.

So you get five options, all with some downsides

Browser:

no sync to other devices

Browser (with sync):

possible data leakage

Password manager (in cloud):

possible data leakage

Password manager (KeePassXC with no sync):

no sync to other devices

Selfhosted password manager:

more difficult to set up

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

This is FUD and AFAIK even partially wrong.

The passwords are better protected in the built-in password storage of the browser than in any 3rd party browser extension as the browser itself can strictly separate them from the other extensions.

[–] [email protected] 2 points 1 year ago

Vaultwarden

load more comments