by whyagaindavid 3461 days ago
Why is password sync in browser bad? Care to explain? I hate to have another password application; Dropbox sync it everywhere. Remember Firefox sync encrypts everything before upload. So does Chrome.
2 comments

At rest the data isn't necessarily encrypted. Also browser hacks are a dime a dozen. It is the most exposed interface on your computer.

You are freely executing untrusted code from unknown parties, coming over insecure and unencrypted channels. You really can't be sure who is sending HTTP.

And don't talk about sandboxes. There is a sandbox escape fix in every version of Chrome. This isn't on Google; there are way more attackers than fixers.

Basically web browsers are under constant concerted attack by every single bad actor out there. And you trust them to sync and secure your passwords?

You have more faith in humanity than I.

Well, for one, for most of the life of your browser, it took no security for anyone staring at your desktop screen to read plaintext versions of all your passwords. (Yes, physical access is complete access and all, but there used to not even be a casual attempt to prevent someone from stopping by your PC when you stepped away having a look at your passwords quickly.)

Later versions of Chrome, IIRC, will trigger a UAC prompt on Windows before displaying passwords, or something similar.

It's also generally been trivial for software to mine saved passwords from all browsers. I'm not fond of password managers personally, I prefer outright memorization, but password managers generally at least try to keep their contents secure, usually.