When Will There Be A Master Password?

Hello SLK001,
I am aware that we all have our personal preferences in how we login too our online accounts. If I may, i’d like to give you a friendly suggestion. Have you heard of a ‘Password Manager?’ I have been using one, called ‘1Password’ for around 3 years now and still, everyday when I use this wonderful application it blows my mind. As you literally no-longer need to sweat over creating new passwords. If you happen too also use 2 Factor Authentication, you can also use 1password as the authenticator application all in one. Not only that, if you have heard of the website called ‘Haveibeenpwned’ (a site that allows you to see if your login email address/passwords have been compromised. Well 1password uses this site, automatically checking for any compromises within the sites you login too. Your 1password account tells you if a site has been compromised. Give it ago…i’m sure your’ll never look back :slight_smile:

www.1password.com (you would not regret using this one!! :slight_smile:

Other ones are
-Dashlane

-Nordpass (created by the team at ‘Nordvpn’)

There are others…

Good luck

1 Like

Still nothing? I see all the helpful suggestions to use a third party password management app and/or to rely on Windows 10 functionality. I don’t see any response or info of any kind to suggest that Brave has even thought about this.
If the official answer is “The Brave team has made a deliberate decision to allow the browser to save passwords, but NOT to secure those passwords” then I think many users would appreciate knowing that (and wouldn’t hurt to provide some explanation as well?).
As a new user coming in, I had naively assumed all my saved passwords would be protected. After all, this is Brave we’re talking about, right? Why would someone go to the work of building password-storage functionality into the browser, but not provide any way to secure that stored information?
Please, Brave, if someone “in the know” stumbles across this thread, please enlighten us as to whether this feature is “under contemplation”, “under development” or “only in your dreams.” Thank you!

3 Likes

I think too that a master password would be very nice, because currently I must use bitwarden but thats only my second choice, I would prefer if I can use a masterpassword for all my password direct in brave, because then its localy and safe, bitwarden is I think also safe, but unfortunately not locale…

3 Likes

I strongly support this feature proposal, is a MUST! I tried Brave and I like the browser, but I wont move from Mozilla Firefox until the master password secures my saved ones here too.

3 Likes

+1
Master password is crucial!
I want to switch from firefox to brave but without master password this is not possible.
Please add this feature.

3 Likes

I reverted back to Firefox only for THIS REASON! If my computer get’s stolen, they will be able to access all my usernames/password. This is so bad! It is unbelievable that they have never made work of such an important security flaw. Just imagine all the things a thief can do when they can access this information. I can create a nightmare of your life!

3 Likes

While I am concerned that Brave has not made a move in 3yrs regarding a master password from all the requests, the browser is still akin to Tor in its security, but more convenient and faster. So I switched to a 3rd party PW manager, and kept brave. FF is good, and I have had it since its inception, It is time to pass the crown.

2 Likes

But master passwords does not work on mobile so I deem it useless in the end. If Brave were to implement a MP, it should be both desktop and mobile, maybe akin to sync (i’m speaking from ignorance in informatics).

1 Like

Firefox Masterpassword works on mobile (Android). With apple its annoying because it works sometimes but most of the time you have to insert your username and then your password gets inserted automatically. But this is a problem by apple. They want that you use safari.

3 Likes

Master Password seems to be mandatory for security sensitive browser.

3 Likes

I may have to go back to Firefox just because of this security concern. Anyone who has access to the computer can gain access to all passwords. This is a major security concern.

3 Likes

We needed this feature 2 years ago!! Please make it happen by NOW!!

3 Likes

Please implement the Masterpassword-to-unlock feature. As I can see there are a lot of users who wish to have that also. I even was asked by a user I presented the browser so this is clearly missing for a security oriented browser :slight_smile:

2 Likes

This is a good hint though this does not prevent a user from logging in to any sites which Brave has stored passwords for. The only thing which prevents that is either not having those passwords saved in Brave or having a Master password which needs to be typed in before the passwords gets inserted in the Websites. Right now it is possible to just go to a site and the passwords will be available to login (hidden behind bullets, though I am not sure if certain “bullet unhider” programs might help with this problem :smiley: )

2 Likes

In the meantime, LastPass has been the best solution for me, but hell yeah, a Master Password storing local data lined by Brave Sync, all of them native brave apps.

2 Likes

@fmarier I wanted to tag you as I think this subject is your forte. Hoping you can give input later on if this is a possibility or why it can’t/shouldn’t be available. I know you commented on something similar in the past, but I guess since it keeps resurfacing and this thread been discussed since 2019, albeit with few comments, it makes me a bit curious if it’s a viable feature?

1 Like

We do have an issue open for this feature request:

I definitely understand the desire for this kind of feature. In fact, a lot of people are using external password managers for that very purpose.

There are two main challenges with implementing such a feature in the browser:

  1. The user experience is tricky to get right. The Firefox equivalent for example has gone through several iterations and has never been something that the design team was happy with as far as I know. There are also some considerations around phishing.
  2. In order for the master password to be useful/effective, the password database needs to be encrypted at all times while the browser is running (except when auto-filling the password). I have not looked at the Chromium code, but I suspect that it assumes that it can read from the password database at all times and changing that assumption without breaking anything might be tricky.

So it’s not something we’re opposed to doing, but it’s also not a quick one.

5 Likes

I just want this to be added so Brave beats Firefox in https://www.mozilla.org/en-US/firefox/browsers/compare/

It should apply on mobile as well… Imagine the enhancement on security if your master password works across all platforms!

Quote from fmarier:
" There are two main challenges with implementing such a feature in the browser:

  1. The user experience is tricky to get right. The Firefox equivalent for example has gone through several iterations and has never been something that the design team was happy with as far as I know. There are also some considerations around phishing.
  2. In order for the master password to be useful/effective, the password database needs to be encrypted at all times while the browser is running (except when auto-filling the password). I have not looked at the Chromium code, but I suspect that it assumes that it can read from the password database at all times and changing that assumption without breaking anything might be tricky."

#1) USER EXPERIENCE: For years, I used the FF master password with absolutely NO impact on my “user experience” (except from the warm and fuzzy feeling that I got knowing that my passwords and logins WEREN’T HELD IN AN UNENCRYPTED DATABASE VISIBLE TO EVERYONE WHO WANTED TO SEE THEM).
Also, a comment on the phishing concerns. If someone is too ignorant to fall for a phishing attack, then perhaps being online is not for them.

#2) Why would any browser need to read from the password database AT ALL TIMES? At logins, sure, but why the need for “all times”?

Quote from fmarier:
“So it’s not something we’re opposed to doing, but it’s also not a quick one.”

Yes, apparently not “a quick one”, judging from the original request being made THREE YEARS AGO (and still counting).