Completely disagree. Using the Firefox master password feature passwords are safe even in the context of sharing a device or an extension. In addition, multi-FA isn’t necessarily a safer option.
And what’s the provided alternative? A password manager. So storing passwords somewhere else that may leak, and in fact has leaked, and is by its nature a high value target.
Each person has to consider their particular situation and threat model, but a well-secured browser that stores passwords locally can be a perfectly adequate and in fact safer alternative than a password manager.
Simple solution for password manager leakage - KeepassXC or selfhosted bitwarden. All blame is on you then.
Right, so everyone should just do without synchronization to mobile devices or set up their own Bitwarden. That sounds like a solution for the masses.
If you are using a browser with password sync, you have the same possible data leakage problem as with a password manager.
If you aren’t using a browser with sync, then you… have no sync.
So you get five options, all with some downsides
Browser:
- no sync to other devices
Browser (with sync):
- possible data leakage
Password manager (in cloud):
- possible data leakage
Password manager (KeePassXC with no sync):
- no sync to other devices
Selfhosted password manager:
- more difficult to set up
This is FUD and AFAIK even partially wrong.
The passwords are better protected in the built-in password storage of the browser than in any 3rd party browser extension as the browser itself can strictly separate them from the other extensions.
Vaultwarden
