Integrate password checkup into Brave #12001
Comments
|
here is one option that doesn't require any calls to google:
this is conceptually very similar to safebrowsing |
|
I agree that we should implement that in Brave. The Chrome feature requires connecting the browser to a Google Account.
That step could use Cloudflare Spectrum for extra IP-address privacy. |
|
Here's the code we'd likely have to replace in Chromium to switch to a different password check service: https://source.chromium.org/chromium/chromium/src/+/master:components/password_manager/core/browser/leak_detection/;bpv=1;bpt=0 |
fmarier
moved this from Untriaged Backlog
to P3, P4, & P5 Backlog
in Security & Privacy
fmarier
added
the
priority/P3
|
Edge also uses homomorphic encryption to talk to the equivalent Microsoft service: https://www.microsoft.com/en-us/research/blog/password-monitor-safeguarding-passwords-in-microsoft-edge/ |
|
Chrome now also makes it easy for users to automatically update compromised passwords: https://blog.google/products/chrome/automated-password-changes It uses this new API: https://w3c.github.io/webappsec-change-password-url/ |
chrome://settings/security has a feature (on by default IIRC) that warns if your credentials have been exposed in a breach:
we should look into enabling this in Brave. the Chrome implementation sends a hash of your username and password to Google every time you login, which we probably want to avoid. https://security.googleblog.com/2019/12/better-password-protections-in-chrome.html
The text was updated successfully, but these errors were encountered: