I really like Brave I really want to keep using but there is a very serious flaw in how it deals with logins and passwords.
#1. A manual override for individual sites that have their own set of rules is really needed, aka, exceptions. For some sites we need a set of rules different from most other sites or the net in general. Your system is an all or nothing system when it comes to remember login ID and passwords.
#2. For banking and other high security sites, not only do we have complicated passwords, but complicated logins as well. Trying to retype those every time is a PITFA. For some reason Brave will remember the PW, but it does not always remember the log in ID. This really is a problem.
#3. PLEASE just come up with a pay system. This free stuff never works long term. Charge $29.94 for the browser, and $10/year for updates. That has got to be a more profitable way to do this and with profitability will come more customer service and support. (something you are really lacking right now.)
@Matt621,
Thanks for reaching out.
Happy to help you with the first two issues here at least.
For this one, I think I need you to elaborate a bit on the type of behavior you are expecting to see. What kind of exceptions – with respect to login/passwords – are you referring to? Can I have an example (even if hypothetical)?
So without more information on the sites and your specific setup it’s hard to give a reason as to exactly why the username/ID isn’t always remembered and the password is. On potential cause is that there are times where I have gone to a site, logged in and when I was prompted to save the login information in the pop-up modal, the password line was filled, but the username was not. If I’m not paying attention or if I’m moving quickly, I sometimes just hit Save – so the password is remembered but not the username.
One thing you can do to help ensure that these names are saved is to go to brave://settings/passwords and check for any blank/incorrect user names for your saved accounts. If you find any, you can click “more options” next to the entry (three dots icon), then Edit and add the relevant user name.
For both of the above, if you can provide some examples of sites where you see this behavior (especially if it’s consistent) I’d be more than happy to help troubleshoot and see if we can find the root cause.
Additionally, it would be good to know what OS you’re using, your Brave version (Menu --> About Brave) and what extensions you have installed in the browser at this time (if any).
on the next page it DOES remember the password. I have to click on the box and the login ID will pop up and I select it and it puts in the correct password and functions correctly.
Also on the password page, where you see all the passwords ever stored in the browser. That page must have a password or pin added to it. Ie, a password for the password page. And I’m hoping those pw are all encrypted in some way.
So for the first site/issue, you’re saying that the Username field isn’t remembered on the first page. However, if you go and view the credentials for the site in brave://settings/passwords, does it have the username listed here?
In order to view/reveal passwords on this page, you need to enter the admin/login ID for the device itself.
I’m using a free operating system called “Linux” that’s been around for 30 years, and is used by 48% of companies.
Despite being free, it’s successful and there’s a huge community and plenty of useful info online if you have any problems with it.
Granted, the open source model doesn’t work for everything. But it does work, and I think Brave is a great example of open source software.
I’d rather Brave remained open source and free. That way, the security community can inspect the source code and we can rest assured there are no serious flaws in Brave.
For the first part of your question. Yes, that is what I’m saying. The PW pages shows the Login is rememebered as well as PW but on the first page it does not auto fill, it does not show anything when I clikc in the box, it does not show anything when I click and arrow down. (which is how it used to work)
As for the other suggestion, having the “device” with a PW is useless. Any hacker or cyber criminal can get by it easy. I know when I was installing Windows 7 I had a “bypass” CD that got me into any machine. I am sure such discs exist for any OS. This would be like saying "I locked the fence gate to no reason to lock the front door, the back door, the windows or garage.
Linux is a special case were companies hire Linux people to do their system. John Q Public has not adopted Linux for just that reason. W/o real support, you are a pioneer on the wilderness trail. Fine for some people, but I’m to busy to have to learn how to rebuild my transmission, frame a door, make model airplanes, pay my taxes, show up for jury duty, take my wife out once a month, wash the car, fix the fence, get my kid to school, etc, etc etc. I’d rather just pay someone for the product and let them become the expert. Same reason I pay the guy to cut the grass, kill the weeds, paint the house, clean my teeth, etc.
A browser is more like a car. Yes, some people can fix their own fine, but most rely on specialists to do it.
I can report this to the team but I think it has to do with multi-page logins specifically. I’ll see what they have to say – would you be willing to test the behavior in Chrome/Chromium and see whether or not it behaves the same?
A better analogy would be that the lock on your fence and your back door have the same lock as your front door. That said, this is common practice. In all other browsers, unless there is a built-in feature that allows you to set a different password, they implement the same method – you have to enter your device password in order to view sensitive data. In fact, on macOS/iOS that’s how you allow/deny/change access and permissions in your security settings.
Also we’ve come a long way from Windows 7 “bypass” CDs and again, if someone is physically accessing your computer such that they can insert that “bypass CD”, you may have a problem with the actual lock on your door at home
FWIW we do have a feature request open for this:
I’ve added your report to the thread as a +1 on your behalf.
I cannot do a valid test. The website in question monitors every login. If I go to Chrome and log in, it says it does not recognize my device. I then have to answer challenge questions and now my account “linked” to chrome, the OS, the IP, etc. As soon as I go back to Brave I have to start the process all over again.
In such a situation I don’t think we’ll ever get a true A/B test since the parameters are changing every log in.
