Mozilla Firefox

Discussion in 'other software & services' started by Hadron, Aug 27, 2016.

  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    +1
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    https://www.ghacks.net/2019/06/14/if-you-lost-all-passwords-in-firefox-read-this/
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Hmm, I wonder how many times now there have been reports of Firefox not working properly because of AV software..
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I have never understood why browser developers have never made secure and handy password managers, I'd rather use the browser than having to rely on some third party company. Because normally, you are already trusting the browser, because you haven't got a choice anyway. Hopefully, Vivaldi will do the same.

    I might be willing to support if they make Firefox usable again for me. But I'm not betting on it. :rolleyes:

    Holy crap, so glad I'm not using any real-time AV.
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    please stop whining into several threads now. quit firefox or get along with it.
    firefox will still be free, you only pay for extended services which are offered from mozilla, like pocket, lockwise and more. those were added by extension(s)!
     
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Not all passwords are entered into web pages...
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Your browser is parsing a lot of untrusted, complex content, which makes it a lot easier to exploit than a password manager. If your browser is compromised, your passwords are as well. Don't store them in the browser..
     
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Do you feel that add-on password managers are safer in that regard? I use Lastpass and like the fact that it is not browser dependent, however it does of course require a browser add-on/plug-in. It's not possible to have zero attack surface, but as far as I know Lastpass has not been compromised in the wild.
     
  10. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Nowadays browsers consists of many processes. Browser vendors can perhaps create separate process for password manager not directly accessible by processes parsing untrusted code.
    For me most important argument is that passwords are entered into various programs, not only web browsers. Also what about people using two different web browser? How to synchronize these passwords between them? I'm afraid browser vendors would not agree upon sync protocol. It is not in their business to make data that portable.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    I'm not sure about that. I just copy/paste from my password manager.

    Yes, with similar efforts like site isolation, that may be possible. But Firefox for example still doesn't have anything comparable and even then, it is probably more secure to use a separate program.
    True.
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Understood, but my point was that if the extended services provided enough value, I might possibly pay for them. I don't mind supporting things I plan to use long term.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, I'm not so sure about this, because all password managers make use of extensions, so they have the exact same risk. Surely, there should be ways to protect browser stored passwords in a much better way than currently is the case.

    I was obviously only talking about passwords that are used for websites. I would of course still use an offline password manager for other stuff.

    Sounds like a great idea. I wonder how secure Lockwise will be. I do know that malware is often stealing passwords files from disk, and apparently it's not that hard to decode the encrypted files?

    https://www.ghacks.net/2019/05/29/mozilla-releases-firefox-lockwise-formerly-lockbox-add-on/
     
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    KeePass works fine without extensions. You can just copy/pase or use the autotype functionality. In fact, now that I think about it, I'm not even sure it has extensions. Also, I'm not sure if the risk is exactly the same. I don't know how other PW managers work in combination with their extensions, but KeePass auto-locks, so then an attack would have to happen while the password manager is unlocked, or they can comprimise the browser and wait wait until the user unlocks it again, but if the user closes the browser before, it won't work.
     
  15. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    You might be surprised how many there are: https://keepass.info/plugins.html
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Ah yes, there are lot of community plugins for KeePass including browser extensions, but KeePass itself does not come with browser extensions right?
     
  17. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Correct. However, KeepassXC does.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I was not talking about KeePass, but about password managers that integrate into the browser for convenience. KeePass is perhaps secure but also not that handy for most people. So the solution would still be to build a secure password manager inside the browser. In theory it should't be less secure than popular ones like LastPass and RoboForm.
     
  19. guest

    guest Guest

    Mozilla tests Ad-Free Internet Service for Firefox that costs $5 per Month
    July 5, 2019
    https://techdows.com/2019/07/mozill...rvice-for-firefox-that-costs-5-per-month.html
    Mozilla: Support the sites you love, avoid the ads you hate
     
  20. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    the silly way it goes - paid web for no ads. this is the wrong way with no uturn. and this is different for paid content which makes much more sense. anyhow this is part of mozillas paid feature package for firefox users as announced.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    I think the whole model is broken - and it is also alien to my how my mind works. But then, the ad model hasn't changed since 1950s, so it's no surprise it's so antagonizing and so out of touch. I actually like when websites don't allow me to see their content without paying (aka paywall) - popular with news sites in the US. This gives me a clear and simple choice - pay or go elsewhere. I prefer that to ads.

    The problem is, the Internet for many (nerds) is already ad-free. So not sure what this model solves. I encountered the same issue on Android/YT - the services start free and then you're annoyed with ads and then asked to pay not to see ads. That's a wrong model. And there's already a solution to that. For someone starting fresh, yes, a pay-for Internet model could be a nice idea - but for people who have been around for a few years, or decades, this is just ... wrong. Moreover, the Internet as it is now is already pretty much worthless. It peaked in 2010 or so and has been going downhill since. Paying would have made sense a decade ago. Today, I can probably count two or three dozen sites worth visiting on the entire Web.

    Mrk
     
  23. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Google, Facebook, Instagram, Youtube, Twitter, Snapchat, and of course, the one and only, Wilders Security :D



    Doesn't Brave already do the same? Brave rewards?

    .
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Half the sites you wrote aren't on my list.
    Mrk
     
  25. guest

    guest Guest

    Firefox Quantum set to be renamed to Firefox Browser
    August 12, 2019
    https://www.neowin.net/news/firefox-quantum-set-to-be-renamed-to-firefox-browser
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.