True password manager built into the browser?

Deleted User

Deleted User last edited by

Hello,

I am leaving Google after many years of use and I have been exploring browsers.

I use Windows and GNU/Linux and switch between the two from time to time. Password managers built into browser have always had a history of something we shouldn't use, yes, some do , but this is not ideal. We instead (the security minded anyways) are forced to search out a password manager and that is fine and all, but I always wonder why my browser does not have a capable password manager built in?

So I would like to suggest a real password manager built into the browser. When I say real, I mean a password manager that has features like:

Creating complex passwords with choices in complexity
Sync with 256 bit encryption with no knowledge sync
Auto fill without an extension

When I think about this built into Opera, I don't think you have to reinvent the wheel. Use something like KeepPass since it is open source and modify it to work in the browser. Make it where upstream updates are easily pushed to the browser, easy peasy.

Why not something like this? I believe passwords are cumbersome old school BS, but this does not change any fact that passwords and complexity are more important today then ever.

Can this happen?

canadagoose4ever

canadagoose4ever last edited by

Just use Lastpass. What is the big deal? The developer team has better things to do with its limited resources. There are all kinds of alternatives than needing what you suggest.

Deleted User

Deleted User last edited by

Just use Lastpass. What is the big deal? The developer team has better things to do with its limited resources. There are all kinds of alternatives than needing what you suggest.

What if Lastpass is bought by a company I don't trust? Then what? I am forced to use a product I don't trust from a company I don't trust?

Then we have the alternatives, Dashlane is not really cross platform and either is 1password. Although people have been begging both companies for a version for ages no no avail.

Better things to do then user security? You know, many people use the same password for every site. And believe me, I know because I deal with these types all the time. And here I am suggesting that the gateway to the Internet (browser) become more secure for the average user (and add a convenience to us who are not average users) and you say Opera has better things to do?

I tend to see things in a different light. Opera should encourage strong passwords and security because when they do, they do a small part to make the web more secure for the rest of us.

leocg

leocg Moderator Volunteer last edited by

You seem to be suggesting more of a password creator than a password manager. And i'm not sure if letting a software to create my passwords can be something secure.

You know, many people use the same password for every site. And believe me, I know because I deal with these types all the time

Believe me, those people will not start to change their behaviour just because Opera or any other browser released a password creator tool.

And here I am suggesting that the gateway to the Internet (browser) become more secure for the average user

And how a built-in password creator tool would turn a browser into something more secure for its users? And what if that average user needs to access a page using another browser? How would s/he know his/her password?

Btw, i remember have read a while ago that some important companies are doing studies to abolish the use of passwords as we know them currently. So i don't know if implementing a password creator would be the best thing to be done by Opera.

Deleted User

Deleted User last edited by

You seem to be suggesting more of a password creator than a password manager. And i'm not sure if letting a software to create my passwords can be something secure.

I am suggesting more of a complete tool instead of simply storing passwords.

Believe me, those people will not start to change their behaviour just because Opera or any other browser released a password creator tool.

No, it would only change some. As much as you believe it wouldn't change many, I have learned that explaining the hazards and pointing people in the right direction works.

And how a built-in password creator tool would turn a browser into something more secure for its users? And what if that average user needs to access a page using another browser? How would s/he know his/her password?

Very simple, make it standard compliant (KeePass?) this way the passwords are "portable".

Btw, i remember have read a while ago that some important companies are doing studies to abolish the use of passwords as we know them currently. So i don't know if implementing a password creator would be the best thing to be done by Opera.

Having been using passwords since the days of the local B.B.S, I hear a lot of things changing but nothing changing. We are still using passwords and the system is still a mess.

Case and point:

I was a Lastpass user for years. Lastpass was bought by Log-Me-In I and many other people have issues with the new owner. So I left Lastpass. Looking for a solution I realized how abysmal the password manager system really is. No one is trying to compete with Lastpass, they instead all ran off and catered to a niche.

I use KeepPass now because it is browser agnostic (it even works with Edge). But it is a far from stellar solution. It's a great manager yes, but easy to use? Not really for the average user.

The Internet has been around for well over 20 years. We can make the experience better for everyone.

leocg

leocg Moderator Volunteer last edited by

Very simple, make it standard compliant (KeePass?) this way the passwords are "portable".

Ok, but it would imply that other browsers would do the same, right?

Having been using passwords since the days of the local B.B.S, I hear a lot of things changing but nothing changing. We are still using passwords and the system is still a mess.

Sure we are but i think we can't compare today's passwords with those of 20 years ago. Back on that time they used to be more simple as the technology to break them wasn't that powerful.
With the development of new, more powerful technologies, it became for easy to break passwords and they needed to become more strong, more complex.

And i think that we've reached (or are reaching) a point where even a very complex password may not be enough to protect user's data, so other ways to do it were created, like 2nd factor authentication, biometry and so on.

With more and more sites using and encouraging their users to adopt 2nd factor authentication, a built-in password creator would be, IMHO, something unnecessary.

canadagoose4ever

canadagoose4ever last edited by

You might want to check out the work Steve Gibson is doing on SQRL found here:

https://www.grc.com/sqrl/sqrl.htm

Bottom line: passwords are becoming obsolete and I can't really see the devs whose resources are already pressed to the limit spending time and energy working on a pw manager of sorts. I don't see what the hang-up with the new owners of LP is but I guess we all have our stories and experiences. I find LP to be adequate for my needs.

Deleted User

Deleted User last edited by

And somehow we all decide to rid ourselves of all accountability for the security of the internet.

LP is great if your a geek and know what it is (Okay, some non-geeks to). But search it, the most popular password on the internet is 123456. And it has been the most popular year after year.

My mother had to come stay with me for a little while. I have helped her over the years with many issues but have never really talked passwords with her. She moved in and I was shocked. Her password (no "s") was something like this: Timmy428. Now, if we are going to promote a gateway to the internet (browser), then don't we owe it to the people we promote it to; to provide them with the right steps to secure their own experience?

Sure, for us geeks or old timers (gee, in internet speak I am :D) it is easy to pass the buck to LP or Dashlane. But the reality is, many people don't know about those technologies and I say we are asking to much to expect as much when we are the gateway to the very thing that should be secured.

Mark my words, this will be an issue in 15 years as it is now. There have been many "solutions" that have been presented in my time on the internet, guess what? We are still using passwords and they are here to stay. And to say two factor is the cure.... When people have 123456 as the password? I don't think so....

leocg

leocg Moderator Volunteer last edited by

And to say two factor is the cure.... When people have 123456 as the password? I don't think so....

2nd factor authentication is one more layer to (try to) protect user's data, it's not a cure or a final solution.

And although 2nd factor may help protecting those who use weak passwords like 123456, the only real help for those people would be education and not exactly a complex password creator that would make people dependent of it.

Mark my words, this will be an issue in 15 years as it is now. There have been many "solutions" that have been presented in my time on the internet, guess what? We are still using passwords and they are here to stay.

Maybe yes, maybe no. Although we are still using passwords since a long time, many things changed regarding the use of passwords.

kapsi

kapsi last edited by

I would like a feature to allow copying passwords to clipboard. Sometimes I save credentials for a website in Opera, but need to use them outside Opera - for example in Spotify or Steam. Sometimes Opera doesn't offer password autofill, even if it was saved in Opera (I had that problem with Adobe account). Another improvement would be allowing manually adding credentials. Basically, make it more like Last Pass.

donq

donq last edited by

http://www.nirsoft.net/utils/chromepass.html

You have to enter your Opera Profile folder in File - Advanced Options, on W10 (and dev Opera) it is like next:

c:\Users\myverycoolusername\AppData\Roaming\Opera Software\Opera Developer\