Password managers are becoming difficult to live without, yet they are a massive security hole since you can only trust they are not a front. Further, most of these managers keep your passwords on their servers which make them an incredible target of opportunity.
Brave having a robust management to use instead would be vastly more secure. Currently, Brave has no password required to un-encrypt and use its password manager. If a windows account is already logged into on a grabbed laptop, everything is compromised. Or, what about a laptop that is grabbed while in snooze mode, it is already logged in, just turn it on and run Brave and everything is compromised.
So requested: Add a feature in settings where if we use Brave’s password management system our passwords are encrypted and require a password to use. Allow the user to specify a length of inactivity/non-use before they must again enter the decrypt password to use the manager again. In this way stolen or sleeping Brave laptops have a hope to still be secure.