Mozilla needs to bring back Lockwise or make a new, better password manager outside of Firefox. If you ask me, I find a password manager outside a browser safer than inside a browser because it's more secure. If someone disagrees with me, I'd like to know why. I don't know why Mozilla stopped Lockwise, because in my eyes it was a great password manager.
Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.
Bring back and improve upon Firefox Lockwise
Firefox Lockwise should be brought back. Keeping credentials separate from the browser is part of security best practices, and so it would be great if Lockwise could be brought back in some way. Also, given the recent changes at Twitter, lots of users are looking for 2FA authenticators, and so building this into Lockwise would also create an opportunity for Mozilla to gain a share of that market.
(Note: a similar idea has been merged into this thread)
Hey all, thanks for your ideas! Can you elaborate a bit more on what makes a separate Lockwise made by Mozilla more secure than Firefox made by Mozilla? Is it a feeling of extra safety or feeling of unsafety of a browser or specific attacks that can be prevented that way?
@ADGrimes I agree with the 2FA authenticators, but not that it would be built into the password manager. Why I say this is because of an article I read about someone with the password manager Bitwarden. In Bitwarden you can save passwords but also 2FA in it. The danger about that is if your Bitwarden account gets hacked. Then the hacker has access to your passwords but also the 2FA, and you don't want that to happen.
Hello @Serg, the reason is that it is more secure. Let's say you are logged in with your Firefox account on your Firefox browser. You have saved your Crunchyroll account email and password into your Firefox browser. The hacker or thief only needs to click on fill email and password. He then has access to your Crunchyroll account. But if you use a password manager like Bitwarden, then the hacker or thief first needs access to the master password of your Bitwarden account to get the email and password of your Crunchyroll account. Yes, you can say always use 2FA on every account, but not every person uses that, and not every service/website gives the option for 2FA. Look, it can be just me, but my feelings say that it is safer to use password managers than to have it saved in your browser. If you think that there is no difference, can you explain why, or whether I missed something important in my example?
@Serg Thanks for your message. I'm afraid I'm not skilled enough technically to know about specific attacks that this may resolve. However, everything I read online from every source tells me that it is best to use a separate application for credentials.
Being in a separate dedicated application like Lockwise would I assume mean that credentials would not be at risk of browser vulnerabilities and attacks.
@Jeppie I hear you, looks like you want this "Optionally protect filling of saved logins with OS authentication (including biometrics)" to be implemented sooner. There is also "Use a Primary Password to protect stored logins and passwords" (although I'm not thrilled about it). Will that help?
There is nothing wrong with separate password managers, they exist and they do their job well. But if we can remove the connection between password manager and browser, we remove extra attack surface.
@ADGrimes I can agree with the part that it's better to use any credential management than to reuse passwords or rely on strong memory and randomness of our brains. Standalone or integrated... it depends. There is no right or wrong answer here.
If the browser is compromised, then no matter how good credential management is, the user will fill data from a secure box into a compromised box. Attackers are patient, they don't pop up "Hey, I've stolen your data" alerts, and attacks can run for years unnoticed.
If the device is compromised, then it does not matter how good the app is. This is why the most healthy thing you can do is to make sure your OS is up to date, that your biometrics are on when present, and that you lock the device before leaving it unattended.