The Web Browser as the Ultimate Password Manager

We are notoriously bad at password hygiene, yet it is crucial for our digital lives. How many of us have managed to convince our friends and family members to use a strong and unique password for every service they use? How about the grumpy response when you suggest that they always use a password manager for everything?

Unfortunately, this problem is not going away anytime soon. The good news is that the web browser we already use every day is likely to solve it. My prediction is that every web browser will expand its functionality to be your ultimate, ubiquitous, and secure password management tool.

How is that possible? Well, let us take a look at the major functions a password manager has to offer if it wants to be successful.

First, it has to store the passwords securely (very obvious, isn't it?).

Second, it must synchronize those passwords across different browsing sessions, perhaps also across different devices. Imagine that you sign up for Airbnb on its website, and then book a vacation house for your next trip. While you are on the road, ready to relax and enjoy your vacation, you probably need to open the Airbnb website again on a different computer or even use the Airbnb app for Android/iOS. It will be quite a hassle if you cannot retrieve your Airbnb password because it is tucked away inside the laptop you left at home.

Third, it should generate a password for you. Humans are not good at choosing a strong secret, gravitating towards personal, discoverable things: the dog's name, birthday, spouse's name, favorite movie character, celebrity crush, etc. This is why a password strength estimator is important, but sadly not every registration form adopts one. And even with the Diceware approach, the barrier is just too high for normal mortals. The password manager, however, can easily offer a generated strong password, and in fact it should always do so.

If you look at the above criteria, most major web browsers already implement the first two. Users of the most popular web browser, Google Chrome, usually enjoy the ability to have their Chrome profile synchronized across multiple devices, e.g. a personal laptop and an Android phone. How about password generation? Fortunately, Google has now started experimenting with this feature in the latest Chrome Canary. It is currently based on FIPS 181, but that NIST standard has been obsoleted, so hopefully we will see an up-to-date implementation.
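What generating a strong secret looks like in practice, as an added example that is not Chrome's implementation and does not follow FIPS 181: a policy-compliant random password and a Diceware-style passphrase, both drawn from the operating system's CSPRNG, with their entropy computed. The character classes, lengths and the demo word list are assumptions made for the illustration.

```python
import math
import secrets
import string

# Assumed site policy: at least one character from each class below.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "-_.!@#$%")
ALPHABET = "".join(CLASSES)  # 70 symbols


def generate_password(length=20):
    """Uniform random password from the OS CSPRNG that satisfies the policy.

    Non-compliant candidates are redrawn whole, so no position is predictable
    (unlike "append a digit and a symbol" schemes).
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_passphrase(wordlist, words=6, sep="-"):
    """Diceware-style passphrase: independent uniform picks from a word list."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would make the entropy estimate wrong")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(symbols, picks):
    """Bits of entropy in `picks` independent uniform draws from `symbols` options.

    For generate_password this is an upper bound: rejecting non-compliant
    candidates removes a small fraction of the space.
    """
    return picks * math.log2(symbols)


if __name__ == "__main__":
    demo_words = ["amber", "bison", "cedar", "delta", "ember", "fjord"]  # constructed
    print(generate_password(), f"<= {entropy_bits(len(ALPHABET), 20):.1f} bits")
    print(generate_passphrase(demo_words), "(toy list; real Diceware has 7776 words)")
    print(f"6 words from 7776: {entropy_bits(7776, 6):.1f} bits")
```

The entropy figures hold only because every pick is uniform and independent; a password a person chooses from the same alphabet does not reach them.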

When this password generation feature is finally deployed to the stable version of Chrome, millions of Internet users will have one less reason to use a weak password or to reuse the same password over and over again. That is a very good thing! I would not be surprised if this also means that Microsoft will push the same feature to its Edge browser, as will Apple with its Safari browser.

But what about native mobile apps? Well, once your passwords are securely stashed and synchronized by the browser, it is a matter of tight integration with the application framework. On Android, Google is already heavily advocating for Smart Lock for Passwords. Many popular Android apps, from Netflix to Airbnb, have already started to adopt this approach. Try logging in to Airbnb on Chrome for desktop, have the password saved and synchronized, and then launch the Airbnb app on your favorite Android device. Voila! The app will offer to automatically sign you in, using the credentials synchronized from your Airbnb login on desktop Chrome. It is a seamless experience: you do not even have to remember or type that long password anymore.

I am optimistic that the era of worrying about weak secrets and scrambling to copy/paste unmemorable phrases will be long gone. Safeguarding our digital lives should be a pleasant experience!

gerry lowry

Director at cybernetic sapiens inc.

6 years ago

No Cloud For Old Men ... i do not trust the cloud or any browser ... for me Open Source desktop KeePass is my goto (sic) password safe. https://keepass.info/ Ariya, i think we humans can make strong passwords, NoCloudForOldMen gets a 77 bit quality rating from KeePass. Many homo sapiens let browsers store passwords but leave their desktop and mobile devices unsecured—gain access to a device, access a password protected website such as a bank account, change that password, then while the owner of that bank account sleeps, drain her/his account. imho the best password protection is to change passwords frequently. For me, when a browser asks to save a password, i say never and then whenever possible, i tell that browser not to ask me again. caveat: i will put a KeePass data store in the cloud—but i will pull it down and update it locally.

Oleg Vaskevich

Monetization and Engineering at Coda

7 years ago

I've personally started using 1Password, which has pretty solid integration with Chrome and native Android apps. Definitely recommend!

Chris Sidi

Currently building...

7 years ago

"I am not surprised if this also means that Microsoft will push the same feature to its Edge browser, as well as Apple with its Safari browser." Safari has had this feature since 2013 (https://www.macworld.co.uk/news/mac-software/hands-os-x-mavericks-safari-icloud-keychain-3457530/). I'm looking forward to all the major browsers having this feature and installing one less utility.

Joko Sastriawan

Working on hardware telemetry, manageability and virtualization on a daily basis and collaborating with a bunch of awesome engineers.

7 years ago

What about a different approach? Secure impersonation token. Each pair of trusted services shares a symmetric encryption key. Rather than sending a password, we just send a time-sensitive impersonation token to a service we need to access. If the symmetric key is compromised, just revoke and regenerate a new one for the pair. A bit simplistic, but storing and exchanging passwords with a high possibility of breach and compromise is just as bad as writing passwords on sticky notes.

Hendy Irawan

Empowering Aspiring Software Engineers | Expert in Coding, Development, and Career Growth

7 years ago

What I am very worried about is that a bad guy can hack into Google accounts themselves (or any password manager) and then get access to all sites and apps. Social engineering works big time.
