Browser-laptop: master password for password manager

Created on 15 Apr 2016 · 15 Comments · Source: brave/browser-laptop

It would be nice to protect visibility of the passwords in the password manager with a master password, similar to Firefox.

feature/password-manager fixed-with-brave-core suggestion wontfix

All 15 comments

This would be really helpful

I think this would be more than helpful, as this is one flaw I see in Brave's mission of keeping your browsing experience more secure. If we click the eye, we should be prompted to enter our user account password, similar to how Chrome does so (works for Windows and Mac).

FWIW, you can do this right now by locking the system keychain, since passwords are encrypted with a master password that is in the keychain. But there could be a more user-friendly way to do it.

Update: I checked as of 0.18, this method still works but you have to restart Brave after locking the keychain. Same as in Chrome.

@NejcZdovc noticed that Chrome prompts for system keychain access when you click to show a password in chrome://settings/passwords. I'm not a huge fan of this approach because it seems like it would give users a false sense of security (since the attacker can just go to the site, have it autofill, then copy the autofilled password into a visible field, given a few more seconds of attack time). However it's another option we could consider.

Also very pro a master password feature, like Firefox has.

In https://www.reddit.com/r/braveproject/comments/7r6awh/brave_password_manager_vs_others/?st=jcjuitcx&sh=13114369, I asked why I should or shouldn't use one manager over another (brave built-in vs. others) - I suppose this is one reason? (lack of master password)

Also, there was a post in the community forums for a "browser password" (super-password) in https://community.brave.com/t/password-protect-browser/4463. This is not the same as this request, but related.

+1 - this holds me back from replacing Firefox

+1
Is there any progress here at all, or is this still just a feature request? Seems like a huge offline privacy hole.

+1 here
I think this is a big security issue as commented here:
https://community.brave.com/t/big-security-issue-with-chrome/29221

This is fixed with our Developer channel release 😄

When you visit chrome://settings/passwords and try to expose the password by clicking the eyeball, you'll get prompted for your password.

I'm not sure that the fix described above actually addresses this request. It appears that the approach implemented is to use the keychain, similar to Safari's implementation. This request mostly is about implementing a master password that is independent of the user's local account credentials in the same way that Firefox does. I'm in favour of the master password approach.
