The previous so-called ‘distinction’ between ‘browsers’ & ‘password managers’ continues to be eroded.
Firefox & Chrome both recently introduced brand new ways for users to ascertain whether passwords they use have been now compromised.
There are no lacking attacks targeted at getting access to users’ accounts today. These include credential stuffing, brute force attacks, & exploiting lax password reuse. Web browsers have been helpful, allowing users to know if they have now become compromised.
Two of the world’s most popular browsers, Mozilla Firefox & Google Chrome, have both now rolled out very new features, just in the last couple of weeks, designed to make their users aware as to whether or not they should change their service password.
Mozilla has released a totally new version of Lockwise, its password management tool, earlier this May.
The update gives users a new better way to generate, manage, & protect logins. If you do share a computer with a friend/family member, Firefox will ask for the device’s password if you are trying to copy a password from your passwords page.
When & if a user’s password has been used on another account that was compromised in a data breach, Lockwise will then alert the user and persuade them to then change it.
If Firefox does actually confirm a real site breach, it then goes on to prompt users with a very stark warning, in a large, dark red block, which goes on to ask them to immediately than change their password.
For the informed, it must be noted that the service uses an encrypted list of breached passwords & then checks it against all saved passwords.
It will learn about breached websites following Firefox Monitor’s integration with Have I Been Pwned. This database is maintained by Troy Hunt & it aims to track both breached websites & compromised passwords.
So, this all means that any real distinction between browsers & password managers is very clearly now starting to completely disappear. This, hopefully, will create a more secure environment.
Lockwise will both create & also will autofill needed passwords with a minimum of 12 random letters, numbers & symbols, if the users cannot devise their own..
Google, too, introduced a new version of Chrome this week. It fulfils a similar function.
Within this is a wholly new feature named “Safety Check,” Chrome will letting users know if any passwords they ask the browser to remember are actually compromised & then go on to show how to fix them.
It also will check to see if users are running the most recent version of the browser, if any dangerous extensions have been downloaded, & if they are running safe browsing – Google’s 13-year-old service that sniffs out malicious or phishing website.
Enhanced Safe Browsing
In addition, Google also released further upgrades. Included is what it calls ‘Enhanced Safe Browsing’ & ‘Secure DNS.’ The former will check if pages & also downloads you may run into are actually dangerous.
It then builds on that data & provides protections specific to a given user. Google explains further that Safe Browsing makes anonymous this data quite quickly in order that it will not continue to be connected to your account for very long.
The latter described feature, ‘Secure DNS’, is designed to upgrade users to DNS-over-HTTPS – which can be achieved either through their current service provider or, if required, one of their choosing, in order to better protect privacy online.
In a blog entry this Tuesday, Kenji Baheux, Chrome’s Product Manager observed that the feature took 2 years of “gathering test data, listening to feedback, & addressing some misconceptions” to make it fully a reality.