DEV Community

Discussion on: Pushing Left, Like a Boss! -- Part 2: Security Requirements

Matthias Müller

Great article!

But why is a Browser-Built-In Password Manager like Firefox' PW-Manager unsafe? (assuming a master pw is set or the computer is only used by 1 person)

Btw. turning off autocompletion doesn't work in most browsers anyway:
support.mozilla.org/en-US/kb/passw...

Or did I simply misread your comment?

Tanya Janca Author

Browser-Built password management functions are not as secure as an actual password manager. It is not an overly safe place to keep it. Another reason is that you have no idea who is using your site, nor which computer they are using it from; if someone is in a hostel backpacking across Europe and accidentally says "yes" to the "would you like XYZ browser to save your password?" they have unwittingly saved their password for all the hotel users to use later. Unfortunately we need to design assuming the worst case (public computer, not-technically-savvy user), rather than the best case (for instance you personally, someone who is knowledgeable enough to read and understand my blog, is the absolute best case scenario for an app user).

Does this make more sense? Is it helpful?

Also, yes; sadly not all browsers support all of the same features, rules or standards. But we do what we can.

Tanya Janca Author

PS Thanks for the really nice comment!