Best Browser

[perknh]

Yeah, you're point is well-taken, extensions can be a risk factor.

Check this out:

Kerckhoffs's principle

https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle

Password encryption in Yandex Browser

https://yandex.com/support/browser-passwords-crypto/


In my case I'm making an assumption that Bitwarden's password manager is secure since it's it's business to keep our passwords secure.  I'm also making the assumption that because it's open source, those with the know-how can read its code (unlike with LastPass which is a proprietary password manager) and report any bugs they find.  But, you're right, every time you add any extension to your browser's toolkit, you're opening yourself up to more potential risk.  Here is a strong argument (countering mine!) for not using a third-party password manager.

Right this moment I'm writing this from an extension-free, Nightly Web Browser from Mozilla.  And all ll I know for sure is this:  I'm getting to watch a lot more cool ads over and over again when I don't have uBlock Origin up and running.

[dullblade2]

  thank you, perknh.  Security is such a thorny issue in general, not many folks even want to discuss it.  Like stepping off the edge of the continental shelf, off the eastern edge of the Atlantic coast, it gets very deep very quickly.  I looked at/scanned Kerckhoffs's principle- and I agree that an open-source pw manager is probably better than a proprietary one.  I usually do not use much in the way of extensions in FF, I am also 'assuming' and trusting that FF has it basically covered.     

I have respected Bruce Schneier for a long time and have found other good folks to listen to, but unless you are a full time security person, it is easy just to throw up your hands and just hope and pray.  I do Simple things like: do not click on random links out of curiosity, stay updated, maybe re-install your OS once in a while,,,,,but I am not yet versed in the use of VPNs, the Tor browser, and stuff like that.   As I say most of us find it painful even to think about.     

 If one follows the big news stories about Huawei, Cambridge Analytica, FB, etc., we probably face more threats just using mobile phones-which phone home (Huawei), FB (which mines and milks anything you post), and the big aggregator companies which collect personal info across a wide array of places until they know more about you than you know about you.  Thanks for your input.

[perknh]

Why in the world does Chromium/Chrome still not have a master password option for its own password manager?  Firefox gives its users the option to protect their passwords with a master password.  Why can't Chromium and Chrome do the same.  I've now tried Firefox's master password option and it works just fine.

Admittedly we can have stronger passwords if we do make use of Chromium's/Chrome's default password manager than if we don't, but I don't get why Google won't add a master password option to its password manager.  Does Blair's argument below from December 2008 still hold water?

Is Blair right when he says "that it [a master password] creates a false sense of security instead of actually providing a strong security benefit"?  Wouldn't having the option to have a master password be better than not having the option?  I just don't get Google's logic here, even though I know that Google (on most things) is pretty darn smart.

Blair (Googler) said:
Hi everybody,

We understand that many of you want a master password for your saved passwords in Google Chrome.  You’ve laid out many scenarios in which this might be useful, but the most common is that if your computer were to fall into the wrong hands, that person would then have access to your saved passwords.

While we agree that this situation would be terrible, we believe that a master password would not sufficiently protect you from danger. Someone with physical access to your computer could install a keylogger to steal your passwords or go to the sites where your passwords are stored and get them from the automatically filled-in password fields. A master password required to show saved passwords would not prevent these outcomes.

Currently, the best method for protecting your saved passwords is to lock your computer whenever you step away from it, even for a short period of time.  We encrypt your saved passwords on your hard disk. To access these passwords, someone would either need to log in as you or circumvent the encryption.

We know this is a long-standing issue, and we see where you're coming from. Please know that your security is our highest priority, and our decision not to implement the master password feature is based on our belief that it creates a false sense of security instead of actually providing a strong security benefit.

Best,
Blair

Source:  https://productforums.google.com/forum/?hl=en#!category-topic/chrome/give-feature-feedback-and-suggestions/k6JmRoGJp5w