this post was submitted on 11 Apr 2024
5 points (100.0% liked)

Browsers

729 readers
1 users here now

About Community

This is the community to discuss about browsers.

Browsers List

Open Source browsers

Closed Source browsers

List will be updated

founded 3 years ago
MODERATORS
 

Hi,

any LibreWolf experts here, that know how this Wolf handles saved password / auto-login? It's the only browser, that I'm aware of that shoots saved credentials directly into the login forms without any further clicks. You just have to click "login" and you are ready to go.

Unfortunately here on my workplace I'm forced to use Chrome and I have to login on many different site through the day. Mostly 3 to 4 clicks every time:

Activate login form - click Open saved credentials context menu - click Choose desired creds from list - click Login - click

Even the global password manager Keeper is not very helpful on websites. Even more interactions are neccessary for logins.

Firefox is also installed, so I thought someone can recommend an addon or userscript, whereby I'm cautious with third party addons that are handling credentials. On the other site there is Google password manager in Chrome...

Any hints?

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] sylver_dragon@lemmy.world 2 points 7 months ago* (last edited 7 months ago) (1 children)

Does every browser just “encode” password lists like that?

It's the decryption key for the encrypted passwords which is encoded (I know confusing). But, they may as well not be encrypted for all the good it's doing you.

Off the top of my head, Chrome does this. MS Edge, which is Chrome with a blue coat of paint, does. Opera is Chrome with red paint, so it's almost certainly base64 as well. Brave browser is Chrome with orange paint.... You get the idea, lots and lots of "independent" browsers are just Chrome (ok technically, Chromium, the open source version of Chrome) which mean they inherit all it's faults. I don't know the scheme Firefox uses, but it's similar enough that recovering passwords is equally as trivial. Here is the tool for that.

The long and short of it is that any system for storing passwords which doesn't have you using some sort of "master password" to unlock the vault, is storing the password locally in a way which is going to be well known and easy for an attacker to reverse. Technically, hardware solutions like smartcards and YubiKeys can also be used in place of passwords; but, that's a whole different area of discussion. Sadly, when things are really convenient, they are usually also really insecure.

[–] raker@lemmy.world 1 points 7 months ago

Thanks again for all the insights!