I need more information about the password manager before I decide to use it…
where are the passwords stored? On the local machine or cloud?
is the storage encrypted?
if encrypted, who holds the keys?
it seems there is not a master password for the stored passwords. Is this true?
if there is no master password if my machine is stolen it means the robbers can get to all my accounts…can you comment?
Thx
Well, Locally obviously.
Only if you turn the Sync, the passwords will be stored online. For that sync has to be authenticated and in the case of Brave it is encrypted and only the browser can decrypt the information, so nobody has access to it.
And about the ‘master password’ well, the master password is YOUR device, why would people be able to access your device if you securely encrypted it? The encryption, in the case of Windows, comes from the Operating System, so technically you are able to see the passwords and other data because you are in the same device, that’s why you have to add an authentication to the OS.
When you want to see passwords in the browser, your authentication will be requested to see the passwords, but that’s only ‘cosmetic’ because anyone can use a Nirsoft program to see all the passwords and it will work because the encryption is already in the OS.
Obviously someone opening the files in another device, won’t be able to see anything.
So I don’t get the point of “robbers” talk, when they probably will do more than just seeing your accounts if they have access to all Data inside your computer, because you didn’t add any secure authentication to it.
Over a year ago I had all the computers in my office stolen…but no private data was compromised because I use Veracrypt to protect all my private data on my computer.
https://veracrypt.fr/en/Home.html
These are encrypted files that are mounted as a windows virtual drive
If someone steals my computer (which has happened), they cannot open/mount these drives unless they have a very long, obscure key. I could add a key file if needed.
I would like to have the Brave Browser passwords stored in one of these mountable virtual hard drives…
I could probably do that if I changed the Brave profile address to a mountable drive?
I don’t know what could happen if you store the Brave’s user data in a place like that.
You would have to use --user-data-dir= and done, you could change every icon to include it and then change registry keys so when you click a link it will also open in the same user data.
But I don’t know how a Chromium browser will act when using veracrypt behind it, I have never used veracrypt, so only you can see if it could cause issues to have Brave installed in your system and then the user data in there. If it causes issues, I guess you can test it by having the browser and user data in the same virtual drive thing.
But technically, if a thief can’t log in your computer, then they can’t do much with it, if they extract the disk or try to see the files, then Chromium already encrypted cookies, passwords and the sensitive stuff about you, which will not work unless they are opened by someone in that computer, that’s why it is important to have a strong authentication if you are afraid someone might steal your data, like secure keys or Windows hello (fingerprinting or face recognition) should be easy and effective, the other non-sensitive data like history, bookmarks and all that is not encrypted.
PS. Please don’t listen to ‘others’ suggestion nonsense like “3rd party password manager” when LastPass is an example of security breaches about them, also, you always need a server to use those password manager, hosted by your or anyone else. how is that better for security is beyond me, it is just people who are gullible enough to buy a service that is not necessary.
If you want to use a password manager, then use KeePass, which is offline and runs in your computer and doesn’t care about internet connection.
These people suggestion third-party password managers, are the ones who have no evidence of any security breach with current Chromium password implementation, which runs offline, and doesn’t require any server to be hosted. it works with the system encryption, and that would be its only negative, but then, OS authentication methods are pretty advanced and that’s why I said you should make sure your computer is secured enough if you want everything else to be secured.
I wish people would not talking these ‘third party is better’ nonsense, when there is no evidence Chromium password management implementation have been breached in any way or form, nobody has shown a vulnerability when you can open the encrypted passwords in another system or anything, in fact, the ONLY way to open the same passwords in another system is by using sync, in the face of Brave, only Brave can decrypted by having the Sync Code, if nobody has the Sync Code or Brave browser, then, nothing is going to be accessed in any way, how is that less secured?
Just read, these people, “you’re not tethered to a specific ecosystem or browser.” which means you have to store them in the cloud for you to do that… yeah, so safe and secure /s
Consider using a third-party password manager. One overarching benefit of using a third-party password manager: you’re not tethered to a specific ecosystem or browser.
Check on-line reviews and comments for characteristics, features, and performance you like. Not putting my thumb on the scale, I’ll mention that I used (past tense) the free version of LastPass and I currently use the free version of BitWarden. Other competitive products may better suit you. Suggestion: pay close attention to the ability to export your saved passwords should you wish to change from one password manager to another.
yes, thank you, that is my plan…
I may test it…the advantage of Veracrypt is that I can secure all my files, bank records, et cetera with just that
not just Chrome passwords
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.