• modulus@lemmy.ml
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    Completely disagree. Using the Firefox master password feature passwords are safe even in the context of sharing a device or an extension. In addition, multi-FA isn’t necessarily a safer option.

    And what’s the provided alternative? A password manager. So storing passwords somewhere else that may leak, and in fact has leaked, and is by its nature a high value target.

    Each person has to consider their particular situation and threat model, but a well-secured browser that stores passwords locally can be a perfectly adequate and in fact safer alternative than a password manager.

    • neoney@lemmy.neoney.dev
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Simple solution for password manager leakage - KeepassXC or selfhosted bitwarden. All blame is on you then.

      • amiuhle@feddit.de
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Right, so everyone should just do without synchronization to mobile devices or set up their own Bitwarden. That sounds like a solution for the masses.

        • neoney@lemmy.neoney.dev
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          If you are using a browser with password sync, you have the same possible data leakage problem as with a password manager.

          If you aren’t using a browser with sync, then you… have no sync.

          So you get five options, all with some downsides

          Browser:

          • no sync to other devices

          Browser (with sync):

          • possible data leakage

          Password manager (in cloud):

          • possible data leakage

          Password manager (KeePassXC with no sync):

          • no sync to other devices

          Selfhosted password manager:

          • more difficult to set up
  • poVoq@slrpnk.net
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago

    This is FUD and AFAIK even partially wrong.

    The passwords are better protected in the built-in password storage of the browser than in any 3rd party browser extension as the browser itself can strictly separate them from the other extensions.