cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jeppie
Making moves
Status: New idea

  Mozilla needs to return lockwise or make a new better password manager outside of firefox. If you ask me i find a password manger outside a browser safer then inside a browser because it's more secured. If someone disagree with me i like to know why.  I don't know why mozilla stopped lockwise because in my eyes it was a great password manager.      

14 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

ADGrimes
Making moves

Bring back and improve upon Firefox Lockwise

Firefox Lockwise should be brought back. Keeping credentials separate from the browser is part of security best practices, and so it would be great if Lockwise could be brought back in some way. Also, given the recent changes at Twitter, lots of users are looking for 2FA authenticators, and so building this into Lockwise would also create an opportunity for Mozilla to gain a share of that market.

Jon
Community Manager
Community Manager

(Note: a similar idea has been merged into this thread)

Serg
Employee
Employee

Hey all, thanks for your ideas! Can you elaborate a bit more on what makes a separate Lockwise made by Mozilla more secure than Firefox made by Mozilla? Is it a feeling of extra safety or feeling of unsafety of a browser or specific attacks that can be prevented that way?

Jeppie
Making moves

 @ADGrimes i agree with the 2fa authenticators but not that it would be build in the password manger. Why i say it is because of a article i read about someone with the password manager bitwarden. In bitwarden you can save passwords but also 2fa in it. The danger about that is if your bitwarden account got hacked. Then the hacker haves access to your passwords but also the 2fa and you don't want that to happen.    

Jeppie
Making moves

  Hello @Serg ,  The reason is that it is more secure. let's say you are logged in with your firefox account on your firefox browser. You have saved your crunchyroll account email and password into you firefox browser. The hacker or thief only needs to click on fill email and password. He haves then access in your crunchyroll account. But if you use a password manager like bitwarden then the hacker or thief first needs access to your master password of your bitwarden account to get the email and password of your crunchyroll account. Yes you can say always use 2fa on every account but not every person use that or not every service/website gives the option for 2fa. Look it can be just me but my feelings say that it is safer to use password managers then have it saved into your browser. If you think that there is no difference can you explain then why or if i missed something important in my example. 

ADGrimes
Making moves

@SergThanks for your message. I'm afraid I'm not skilled enough technically to know about specific attacks that this may resolve. However, everything I read online from every source tells me that it is best to use a separate application for credentials.

Being in a separate dedicated application like Lockwise would I assume mean that credentials would not be at risk of browser vulnerabilities and attacks.

Serg
Employee
Employee

@JeppieI hear you, looks like you want this Optionally protect filling of saved logins with OS authentication (including biometrics) to be implemented sooner. There is also Use a Primary Password to protect stored logins and passwords (although I'm not thrilled about it). Will that help?

There is nothing wrong with separate password managers, they exists and they do their job well. But if we can remove the connection between password manager and browser, we remove extra attack surface.

Serg
Employee
Employee

@ADGrimes  I can agree with the part that it's best to use any credential management than to reuse passwords or rely on strong memory and randomness of our brains. Standalone or integrated... it depends. There is no right or wrong answer here.

If the browser is compromised, then no matter how good credential management is, user will fill data from secure box into compromised box. Attackers are patient, they don't popup "Hey, I've stolen your data" alerts and attacks can run for years unnoticed.

If the device is compromised, then it does not matter how good the app is. This is why the most healthy thing you can do is to make sure your OS is up to date, that your biometrics are on when present, that you lock device before leaving it unattended.

Jeppie
Making moves

@Sergthank you for answering. I have one more question. Is Mozilla interested in passkeys?