
I've stayed (edit: with Firefox) because of (1) containers and (2) password storage. I have to use Chrome for some things, and every now and then it prompts me for a password and refuses to use the auto-fill. Totally torques me off because my passwords are not easy.

But I completely trust Firefox on the password issue, to the point that I let it generate them for me.



>But I completely trust Firefox on the password issue, to the point that I let it generate them for me.

Not that I don't trust them but I always recommend using a dedicated PW manager like KeePassXC which is FOSS and has been security audited, plus it gives you full control over where you get to store your PWs and how they're secured and generated.


To be fair, Firefox is also FOSS, contains an integrated password manager with extraordinarily well-integrated browser compatibility, and by opting to use a master password to encrypt or decrypt the store also gives you control over securitization, storage location, and generation.

Not to say that KeePassXC isn’t useful if you want even more fine-grained controls, but it seems like in the

> Use password in browser

use case, KeePass would actually weaken the security guarantee by adding a second component you need to trust.


My problem with Firefox's password manager is there doesn't seem to be a way to export/import to/from an encrypted file that I can back up to other places. I can export to an unencrypted text file (and no apparent way to import again), or I can use their sync service (or run my own maybe?), or I can back up the entire Firefox profile.

This is what Firefox says when I go to export my logins: "[!] Your passwords will be saved as readable text (e.g., BadP@ssw0rd) so anyone who can open the exported file can view them."

KeePassXC on the other hand gives me a simple encrypted database file that I can copy around to different places for some peace of mind.


> "[!] Your passwords will be saved as readable text (e.g., BadP@ssw0rd) so anyone who can open the exported file can view them."

That's effectively what almost all of them say when you export your logins (usually as CSV, JSON, or XML), because they export in plain text, because you don't know what the user needs it for, up to and including manual input (better than expecting a random user to have to learn how to print out a database, or worse, submit that database file to some online service to print out).

Users aren't necessarily highly computer literate, and we don't want to prevent people from having security, but even if they were, they may still have use cases that do not accept such a database (migrating to a password manager that doesn't know your previous one, perhaps), so most of them use (unencrypted) plain text and just accept they'll have to leave it in the user's hands, and warn them it's exposed.

We'd absolutely love there to be safe, portable ways to move our data around such that it remains encrypted while migrating, yes, but that's just not something our current crop of software really enables fully these days, unfortunately.


> adding a second component you need to trust

I'd even say "adding a second vendor you need to trust". Yes, these days there seems to be a strong drive to just get a big package out of a single hand. Like having the browser closely tied to the OS. I don't like it. I prefer to choose the individual parts as I see fit. KeePass and some bit of custom sync, in this case. Now, in the same vein that I expect MS & Google to make it easy to support different browsers, I'd want Mozilla to make it easy to integrate other password managers. I'd love to be corrected, but AFAIK the "password manager with extraordinarily well-integrated browser compatibility" doesn't offer any way or API to connect my KeePass with it. It's only for Mozilla's own stuff. Not the open, user-controlled system I'd love Firefox to be.

The Firefox Android Addon system is even worse... only a very short list of pre-approved extensions are available. With the escape hatch for devs requiring some stupid online-account. Sorry, but how is that different from an App store without side-loading?

I still recommend using Firefox, since it is the best we have. But yeah, I don't like the less and less open direction apparently chosen by Mozilla. And I wonder if not being a good role model will hurt them down the line...


>The Firefox Android Addon system is even worse... only a very short list of pre-approved extensions are available.

You need to install Firefox Nightly.


I'm even stricter than you. I use a password manager, but on a separate device from where I use passwords and it does not talk over the network.

When I use a password, I look it up and type it in by hand. No autofill is possible, intentionally.


That doesn't bypass keyloggers.


It would limit the scope of the damage. Instead of getting the entire password database, the keylogger would only get those passwords that were used while the system was compromised.


True, but keyloggers aren't one of the threat vectors I am most concerned about, and as mcpackieh said, it still limits the potential damage quite a lot.

We all have to gear our security mechanisms toward our particular threat assessments.


What is your biggest concern? I would think key loggers are a more common threat than attacks on the password manager directly, especially if you're running something niche. What else do you gain from keeping it air gapped?


Keyloggers rank low for me because I'm only using my own devices that I have physical control over, so a dongle is unlikely. A keylogger would have to come in through malware.

That's certainly possible, but if malware were able to get installed despite my other protections, then I probably have much larger issues. And the keylogger would have to phone home with the data, which is unlikely (but not impossible) to happen without raising some alarms.

So I'm more worried about sharing data with the password management company systems themselves. If there's no real reason to send data over the net, then I don't want to send data over the net. The smaller the attack surface, the better.

It's just my personal policy. In reality, I don't consider either keyloggers or password management company computers to be huge enough risks that I lose sleep over them. Plus, I don't want to become reliant on a particular piece of software to do important things -- typing my password by hand means that I'll have the most common passwords memorized, so if something goes wrong that prevents the use of the password manager, I'm not locked out of anything.


Antivirus can detect keyloggers. So it's much less of a threat compared to losing the entire key DB.


This is unfortunately not robust against phishing, which is for most users the bigger risk IMO (not necessarily power users, but I'd argue that most power users are too sure of themselves in this regard). It's always a question of the threat vectors and the weight you give them.


I do it similarly, except passwords are stored in an offline VM on Qubes OS and copied every time using Qubes' secure copy/paste.

Much more convenient and quick and still reasonably secure.


Firefox password management on desktop is great. I've got very frustrated with it on mobile (Android) over the last 6 months, with it failing to recognise password fields on account creation to generate passwords. I was relying on Firefox password management but have just transitioned to Bitwarden.



