Dear all,
I found in this forum how to recover the list of the passwords stored in Brave, great to see their is a way to restore, but really afraid about the fact that their is no master password to unlock it.
I really love the concept of Brave but for me it is not secure enough due of this lack of protection on sensitive information.
Am I wrong? is their any way to protect this file? without this pass it is quiet impossible to use this browser if we share the same computer with admin access even with dedicated profile.
Regards
4 Likes
@after,
I’m not sure I understand what you’re asking – are you wanting to password protect a file on your system in the User Data directory? Or are you asking if there is a way to set a master password to view password data in the browser itself?
Like the Firefox master password (aka primary password) to protect the locally stored passwords? I was looking for this too
1 Like
@dilemma: You should both try dedicated password manager, I chose Bitwarden specifically. It runs on every OS, so you can access your passwords securely on all your devices with one account. Hope this helps.
Thanks for your proposal, definitely we can use third party software but I think if a Browser pretends to take care of the security, it should offer master password if it stores password, or do not store password if their is no option to protect the file. We are speaking about this topic, that means we are concerned about password protection, but we also have to think to people with less knowledge… I really hope they will soon implement pass protection…
1 Like
A master password like for Firefox, a pass that you need to unlock your password wallet when you open Brave, in this case even if you get the file restore it on another computer you will have to unlock the wallet with a master pass.
In this case if you adopt your Browser you don’t need third party tool for your password, everything is protected and sync between all your computers.
Regards
I believe we have an issue/request out for this already. Additionally, it’s worth noting that you do need to enter your system password at least to view password content in Brave for all OS.
I agree that we have to fill system password, but if you have several admin for the system we face an issue. System password is not enough to protect sensitive data as passwords. It’s better when an application is secured by itself rather than depending on OS that can be easily compromise
1 Like
+1 for a Master Password to access either the browser and the password list. The iOS version offers this protection (as did Firefox on the Mac), but, weirdly, not the Brave Mac version — unless I’m missing something. If the developers are listening, please add this feature asap. And, if there’s an official way to request or vote for a new feature, I’d be grateful if someone could post the link.
1 Like
I’d also like to see an implementation like Firefox has (type in the (Master)Password to unlock the Password store to even fill in the stored passwords which is not the case right now afaik?). Atleast you can’t directly see the Passwords thats true but everybody can login with saved passwords once the browser is up an running if there are any saved passwords which is not that great. Also I am not sure if those little “bullet unhider” programs might help with showing the passwords which are filled in? In any case, please implement a Masterpassword-to-unlock option for those who wish to activate it even if there is a little more attack surface. Of course I see this as an addition to Password Safes.
I agree with having an “in program” password manager that saves a hashed file within the user’s preferences directory and prompts to open it when a password is needed. I have several programs that can access the system’s keyring password manager, which means those programs also have potential access to my Brave passwords. That is not a secure solution. I posted a request for this feature a year ago.
I would think trying a browser that meets the requirements of a secure, built-in manager would be preferable to being required to access two separate programs to do the same job.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.