Most browsers just keep that crap in a plaintext file. And most of the password manager vulnerabilities, IIRC, have been with their browser extensions.
It’s a good rule of thumb that if you do not pay, as the result of some sort of contract, for the service of security, and you do not own the software or hosting within which you expect something to be secure, then you don’t actually have any security.
The browser could be storing your data in plain text, and making it available to other software or malware on your system (or even on websites you visit, or to scripts which run in ads on websites you visit); the browser could be making it available to their internal tools or external “partners”; the browser could be storing it in the cloud and be subject to a breach for which you will never receive a cent; the browser could be doing everything “right” right now, but change their terms next week and your convenience will turn into a liability.
Host it yourself, as you do with bitwarden, and manage your own security, or pay a company to host it who makes it their business and is therefore legally liable if they screw up.
Why not in the browser, though? So convenient.
Disclaimer: I keep them in my Bitwarden account. 👍
Most browsers just keep that crap in a plaintext file. And most of the password manager vulnerabilities, IIRC, have been with their browser extensions.
Many years ago maybe…
Does Firefox not do that anymore?
Not according to their website.
Well then. 😎🔒
Its probably been that long since i stored a password in a browser tbh.
It’s a good rule of thumb that if you do not pay, as the result of some sort of contract, for the service of security, and you do not own the software or hosting within which you expect something to be secure, then you don’t actually have any security.
The browser could be storing your data in plain text, and making it available to other software or malware on your system (or even on websites you visit, or to scripts which run in ads on websites you visit); the browser could be making it available to their internal tools or external “partners”; the browser could be storing it in the cloud and be subject to a breach for which you will never receive a cent; the browser could be doing everything “right” right now, but change their terms next week and your convenience will turn into a liability.
Host it yourself, as you do with bitwarden, and manage your own security, or pay a company to host it who makes it their business and is therefore legally liable if they screw up.
Crane’s law.
I use the free tier of bitwarden.eu. 🤷♂️ I figure it’s their business to be secure, then it should be secure enough.