Master Password


#1

One of the features I, and many users, love about Firefox is the Master Password feature.
Chrome does not have this, and is an important reason I don’t use it.

It requires one to first identify with the master password before auto-fill is allowed,
and has the option to display saved passwords after identifying (not sure about this one, safety-wise, but it has helped me tremendously).

External services offer similar fuctionality, but built-in is nice.
I welcome your feedback on this feature request.


Saved Passwords need to be better secured
Suggestion: Locking browser
Storings passwords to password manager
Password management is BEWILDERINGLY non-secure!
#2

So, great point for private :slight_smile:. Voted!


#3

I came here to suggest this so I’m going to bump this existing thread. Not only is the master password important but also the encryption used to store passwords on disk. There are many automatic tools that can scrape all of the browser stored passwords on a device. Usually, anything running as current user can see the contents of all these files and so any running application could be ex-filtrating all of your stored passwords in the background.

If you are going to offer a built-in password manager please enable a master password option and store all the passwords encrypted on disk so that no external application can read them. Only Brave should be allowed to see the password database.

LIVE EXAMPLE OF PASSWORD STEALING:
http://www.nirsoft.net/utils/web_browser_password.html

NOTE TO DEV TEAM:
You can use a tool like this to prove that your system is working.

@OrT Thanks for getting this discussion started :minidisc:


#4

Bumping this topic up, as I consider master password a must (and easy to implement - especially for some ex-Mozilla staff).


#5

Bump that!

I’d like to suggest using the standard keyring in linux, like chromium does. It is just as secure as firefox master password, but more usable:

  • Activated automatically on login
  • Single password
  • Passwords can be managed by seahorse

I understand this is not portable, so I’d love to see any implementation.

BTW: this project looks awesome!


#6

Wait a minute! brave already stores passwords in the keyring, which is protected by the user password!

So well done, brave team!


#7

I agree, the Firefox Master Password feature is excellent. I’d love to see something similar added to Brave.


#8

I agree! We need a master password for the passwords stored on Brave.


#9

There’s a request for it here

https://github.com/brave/browser-laptop/issues/1385


#10

Is there any word of this being implemented yet?


#11

Thanks for the support, guys!
Still a huge believer of this feature (might be a maker/breaker for me).

@brave - Let me know if I can help.


#12

HI @OrT I’m sure they’d welcome your help, Clifton asked ‘@spacemonkey if you do decide to grab this issue, let me know :smile: I’d be more than happy to help get you up to speed on any area of the code’.

However, there wasn’t a reply so I don’t know whether it was grabbed or not but you should click on the Git links above or paste the following numbers# and @bsclifton in the comments not clifton as it is in the community.

#3226 and #1385 seem the same to me but I’m sure you can get a better grasp of it.


#13

Hey there @Numpty, getting me “up to speed on any area of the code” would require me to teach me how to develop :slight_smile:
But thanks, I’ll give a shout-out if I can be of any help with UX or cheering them on.


#14

I like the idea of Master Passwork, it would be even better to use 2 password. I could go into detail of why and how just something Brave will have to look into


#15

Hi guys. I am using Bitdefender. their Password Manger is working in other browsers: Google Chrome, Mozilla. Very convenient. Is it any chance to make it available in Brave?
Thx and Rgs


#16

+1 from Saved Passwords need to be better secured


#17

+1 from Enhancing private data security & Brave's Built-In about:passwords


#18

I like the browser but it badly needs one change.

You need to change how easy it is to view the saved passwords. Please, either completely remove the option to view the passwords, or allow users to create a strong password specifically for viewing the saved passwords.

Screen locks are not at all secure due to several reasons, including that they’re usually simple since they need to be entered so often. It’s too easy for someone to watch you unlock your device and learn the pin or pattern.

I don’t want strangers to then be able to use that simple password to get all of my passwords. I’m very careful to protect my passwords and I use very strong passwords for my most important accounts.

So please, fix this soon. This is a major security problem.


#19

To Brave Developers: PLEASE PLEASE PLEASE ADD A MASTER PASSWORD FEATURE!!! I know the security of passwords is somewhat an illusion as we never can know if they are encrypted on the other end, but I need to have a master password feature. I’ve tried to switch the password manager to the other extensions available in Brave, and I can’t quite figure them out–only one of the extensions took me to a site where I could view a video, and it looked so complicated that I quit. The other extensions don’t seem to do anything. ALL I want is a master password like Mozilla has. It is too easy for someone to get any password they like with Brave if they get into my computer. I love everything about Brave, but this is a deal breaker. I may have to go back to Firefox if you don’t fix this.


#20

Yelling in caps with repetitive exclamation marks and threatening to leave is probably not the best way to ask for a feature. This is a request, not a ‘fix’.