Discussion in 'other software & services' started by Hadron, Aug 27, 2016.
Hmm, I wonder how many times now there have been reports of Firefox not working properly because of AV software..
I have never understood why browser developers have never made secure and handy password managers, I'd rather use the browser than having to rely on some third party company. Because normally, you are already trusting the browser, because you haven't got a choice anyway. Hopefully, Vivaldi will do the same.
I might be willing to support if they make Firefox usable again for me. But I'm not betting on it.
Holy crap, so glad I'm not using any real-time AV.
please stop whining into several threads now. quit firefox or get along with it.
firefox will still be free, you only pay for extended services which are offered from mozilla, like pocket, lockwise and more. those were added by extension(s)!
Not all passwords are entered into web pages...
Your browser is parsing a lot of untrusted, complex content, which makes it a lot easier to exploit than a password manager. If your browser is compromised, your passwords are as well. Don't store them in the browser..
Do you feel that add-on password managers are safer in that regard? I use Lastpass and like the fact that it is not browser dependent, however it does of course require a browser add-on/plug-in. It's not possible to have zero attack surface, but as far as I know Lastpass has not been compromised in the wild.
Nowadays browsers consists of many processes. Browser vendors can perhaps create separate process for password manager not directly accessible by processes parsing untrusted code.
For me most important argument is that passwords are entered into various programs, not only web browsers. Also what about people using two different web browser? How to synchronize these passwords between them? I'm afraid browser vendors would not agree upon sync protocol. It is not in their business to make data that portable.
I'm not sure about that. I just copy/paste from my password manager.
Yes, with similar efforts like site isolation, that may be possible. But Firefox for example still doesn't have anything comparable and even then, it is probably more secure to use a separate program.
Understood, but my point was that if the extended services provided enough value, I might possibly pay for them. I don't mind supporting things I plan to use long term.
Well, I'm not so sure about this, because all password managers make use of extensions, so they have the exact same risk. Surely, there should be ways to protect browser stored passwords in a much better way than currently is the case.
I was obviously only talking about passwords that are used for websites. I would of course still use an offline password manager for other stuff.
Sounds like a great idea. I wonder how secure Lockwise will be. I do know that malware is often stealing passwords files from disk, and apparently it's not that hard to decode the encrypted files?
KeePass works fine without extensions. You can just copy/pase or use the autotype functionality. In fact, now that I think about it, I'm not even sure it has extensions. Also, I'm not sure if the risk is exactly the same. I don't know how other PW managers work in combination with their extensions, but KeePass auto-locks, so then an attack would have to happen while the password manager is unlocked, or they can comprimise the browser and wait wait until the user unlocks it again, but if the user closes the browser before, it won't work.
You might be surprised how many there are: https://keepass.info/plugins.html
Ah yes, there are lot of community plugins for KeePass including browser extensions, but KeePass itself does not come with browser extensions right?
Correct. However, KeepassXC does.
I was not talking about KeePass, but about password managers that integrate into the browser for convenience. KeePass is perhaps secure but also not that handy for most people. So the solution would still be to build a secure password manager inside the browser. In theory it should't be less secure than popular ones like LastPass and RoboForm.
Mozilla tests Ad-Free Internet Service for Firefox that costs $5 per Month
July 5, 2019
Mozilla: Support the sites you love, avoid the ads you hate
the silly way it goes - paid web for no ads. this is the wrong way with no uturn. and this is different for paid content which makes much more sense. anyhow this is part of mozillas paid feature package for firefox users as announced.
Here is some more info, I'm not sure what to think about it. I rather see them fixing the broken ads system, I don't think I'm willing to pay.
I think the whole model is broken - and it is also alien to my how my mind works. But then, the ad model hasn't changed since 1950s, so it's no surprise it's so antagonizing and so out of touch. I actually like when websites don't allow me to see their content without paying (aka paywall) - popular with news sites in the US. This gives me a clear and simple choice - pay or go elsewhere. I prefer that to ads.
The problem is, the Internet for many (nerds) is already ad-free. So not sure what this model solves. I encountered the same issue on Android/YT - the services start free and then you're annoyed with ads and then asked to pay not to see ads. That's a wrong model. And there's already a solution to that. For someone starting fresh, yes, a pay-for Internet model could be a nice idea - but for people who have been around for a few years, or decades, this is just ... wrong. Moreover, the Internet as it is now is already pretty much worthless. It peaked in 2010 or so and has been going downhill since. Paying would have made sense a decade ago. Today, I can probably count two or three dozen sites worth visiting on the entire Web.
Google, Facebook, Instagram, Youtube, Twitter, Snapchat, and of course, the one and only, Wilders Security
Doesn't Brave already do the same? Brave rewards?
Half the sites you wrote aren't on my list.
Firefox Quantum set to be renamed to Firefox Browser
August 12, 2019
Separate names with a comma.