Stop the random security crap!
Stop making me verify that I am allowed to access my passwords and that I am allowed to download files. I don’t know who sits around and dreams this crap up but stop them.
Google has gotten so bad that even de-listing my tablet hasn’t stopped them from still ttying to send 2-factor auth to a device that no longer works. Which would be fine if any of the other methods worked but they don’t. Their thinking is stinking and there alternative methods aren’t working either.
You’re heading down the same rabbit hole. Knock it off!
Security is one of the main focuses of our browser. Your passwords hold access to all of your online accounts, identities, potentially your finance information, etc. Passwords are the things that require the most security, which is why password protection, verification and security is paramount for all companies.
The browsers asks for your system password to view your browser passwords as an extra layer of security to ensure the wrong person doesn’t access them.
Lastly, you should not have to enter a password in order to download files. If you’re referring to the system dialog that asks where you want to save the file each time you go to download one, that can be disabled by going to brave://settings/downloads.
Yeah and they’re my passwords and I know where the device is and I know what the risk is. Just because you have exposure with your devices and passwords doesn’t mean I do. You have no idea. You’re just imposing BS because you think you understand everyone’s circumstances but you do not and wasting time when you could be solving other issues is a waste of resources.
How mamy people reported having their passwords taken through the method you seem to think every device is exposed to? How many reported this problem? I’m guessing not 1.
I couldn’t access my email account the other day because Google’s idea of 2 factor auth. They sent a code to my tablet which stopped working and all the other “methods” don’t work or aren’t accessible. I deleted the device and still the problem persists but there’s no way to contact them to resolve the problem. They aren’t the solution they’re the problem by spreading and stealing personal data which isn’t going to be caught by forcing someone to key their Windows password. Were the Credit Unions, who lost most of everyone’s data, was that because they didn’t enter their Window’s password? How about the local government’s that got held hostage for their data? Was that because they didn’t enter their Window’s password? I could go on for days. How many actual accounts of Brave password theft can you even identify?
How soon till 2 factor, which sucks balls by the way, is 10 factor? Where does it end?
You wrote about Google: “they’re the problem by spreading and stealing personal data”
Suggestion: Your having established that you do not trust Google, then: Do not have a Google eco-system account; do not use Google G-mail. Use a paid e-mail service that has support that will contact you.
You wrote: “Were the Credit Unions, who lost most of everyone’s data, was that because they didn’t enter their Window’s password?”
My observation: “The Credit Unions” and several other corporations have been careless. They have not made sure that employees take the necessary steps to follow security protocols. The most common mistakes made by employees, is clicking on links in e-mail messages and in text messages. Executives refuse to comply, and demand convenience over security.
Another observation: A unique master password - not the Operating System’s user account’s password - should be used for securing access to a password wallet/vault.
My preference: Use a 3rd party password wallet/vault.
Re 2-FA (2 Factor Authentication), that took me a while to get the hang of it - meaning: having a spare computing device available “no matter what.” Given your concern, perhaps you would benefit by having a dedicated (“Hardware Token” YubiKey -type) device for handling 2-FA.
Overall, find workarounds and figure out ways to customize - aiming for the performance that you want.
No, not likely, but it was due to there being a gap, loophole or exploit in their security. That is, their security was not good enough or did not have enough layers of protection to keep those attackers out. Any additional layer of security that may stop or hinder an attacker from accessing sensitive information can be helpful.
To be clear, what is happening here is that your passwords are encrypted via OScrypt – more on that on our Help Center here – such that if someone (including you) just tries to look at the file(s) directly, they won’t be able to read it. Your system password is the “key” required to decrypt that sensitive data and serves as an additional layer of security.
If you are eager to be less secure for some reason, then that’s your prerogative but again, security is not something we (Brave) are willing to actively compromise so no, we will not likely be removing the password requirement to view credentials in the browser. If anything, we are likely to implement a unique master password separate from the system password to use to view this information in the browser (because this would, again, provide another layer of security).