Hacker News
by h1d 2779 days ago
I just want to mention how insanely insecure browsers' native password managers are. They ask you for a password only on export but never to fill on sites, and you can see which sites are saved with no authentication; you just need physical access to the machine to access them all. Why do browsers never implement something as easy as locking the vault with the OS account pass after a certain period after unlocking, like any password manager does?
2 comments

> Why do browsers never implement something as easy as locking the vault with the OS account pass after a certain period after unlocking, like any password manager does?

You must lock your workstation; it's not enough to just lock the password manager. If you leave your workstation unlocked, then an attacker could install a keylogger that captures the password to unlock your password manager.

Convenience >> security for most people, unfortunately.
What's wrong with opt-in locking? Current security is a joke. Physical access and you're owned.