Password Manager Browser Extensions

I use 1 Password, and I use the browser extension.
But after the last version release a friend of mine wrote me an urgent message that I should not update because it forced him to install the browser integration (we later confirmed that this wasn’t the case…), but it got us talking, because I was already using the extension and he was not. So, this got me wondering are you guys using your password manager browser extension and why not if so?

His reasoning for not wanting it was the mainly the fear of getting you passwords stolen through websites

Because the extension would be a backdoor into my password vault.

My reasoning against it was that 1 PW for instance addresses this issue, and claims that because they keep the user “in the loop” this linking between the browser and the manager is fine

What are your thoughts?

  • I use the PWM Browser extension
  • I do not use it because I try to minimize the extensions, I install
  • I do not use it because of other reasons
  • I do not use it just because

0 voters

i use Firefox’s built-in password manager - i don’t know how wise that is, especially since i know next to nothing about it - i use KeePassXC and i had tried 1 or 2 of the KP to FF bridges, but it just seemed rather unnecessary - also i don’t need to sync passwords between devices, so another reason for not having an extension

I don’t trust password managers, and for good reason. Giving your passwords to LastPass or someone else means they could do whatever they want with them. You could set up a password manager and next thing you know a hacker comes in and steals them, because your password manager sent out your passwords to the hacker.

If you still want to use a password manager, then you should enable 2-step verification on all of your accounts. You have been warned.

nah im unsing bitwarden app, addon

So what’s your password strategy, use the same password everywhere?

Not trusting a password manager is a misguided opinion. Of course there’s no such thing as perfect security, but don’t let perfect be the enemy of the good. There are no better alternatives to good password managers.

4 Likes

pass with passmenu. Can easily look up passwords with a set key combination, no need for browser extensions anymore.

I think it depends on which password manager you’re referring to. While none have “perfect” security, that’s true of any of the privacy tools we’ve talked about thus far. I would guess that the best option would be a program that gives you the option to store them offline. Thoughts?

It doesn’t really matter what password manager in my opinion, as long as you’re using one. I would use LastPass before not using anything. Hell I’d probably use Google Passwords in Chrome over not using anything at all now that they randomly generate passwords. (To be clear you should not use either of those, just illustrating a point).

There are definitely better options. But that’s up to “you” to research on your own and figure out what’s best for your use-case.

4 Likes

I usually try to use more than one password and remember a few of them. I don’t trust password managers because if I gave my sensitive data to a company, they could easily access all my passwords and give them away. I once looked at KeePass which was open source, but I read that at the time there was a big data leak and that open source software wasn’t secure.

Also, what happens if the company runs out of business and I lose all my passwords? What If I get locked out of my account because I relied too much on a single password manager?

Also, when I looked at one of the articles you posted, I saw a link on how the password would soon cease to exist. If that’s true, then there isn’t really any reason to use a password manager. Besides, I use 2FA on my important accounts.

that is both partially true and completely false - allow me to explain…

it is false that open source software (OSS) can not be secure - OSS is used in critical infrastructure and throughout the infrastructure that powers the web, in routers, web servers, encryption, communications, web browsers, email clients, office applications, etc., etc., etc. - a lot of people seem to think that making the source code publicly available is a security risk and this is not true - by making the source code available, it can be audited by anyone, professionally or privately

Windows is closed source - what does it’s track record look like? or Adobe Flash Player? or MS Office? or Outlook? all these have terrible security backgrounds

that said, just because something is open source, that certainly does not guarantee security, however probably any major OSS software, such as Firefox, Chromium, Thunderbird, Linux, etc. are under a lot of scrutiny and can generally be trusted

from a privacy POV, there is no comparison because one cannot trust proprietary software with their privacy - if you can’t see the source code, you generally cannot know what the software is doing

regarding KeePass, it stores passwords locally, not ‘in the cloud’, so you don’t have to worry about privacy or whether the developers throw in the towel - personally i use KeePassXC and i think at least several other peeps here might also recommend it - there are also a selection of apps for mobile that work with KeePass databases