That turns all users into a greater threat in the case of any bugs in the server. Makes it easier for the service to get DOS'd by authenticated users, and so on. Allowing on user to be more insecure, makes all users more insecure.
Unfortunately even privileged users (that have authority to change the permissions or possibly passwords of other users) can still use weak passwords.
A better solution would be to have your browser prevent you from reusing passwords (it only needs to keep hashes).
If the web browser is governing the passwords you can and can't have, and forcing you to have unmemorisable passwords, you're better off rethinking the whole thing. For instance, it probably makes more sense to ask the web browser to generate keypairs rather than passwords if we know the passwords cannot possibly be memorised.
I don't reuse passwords, or use a password manager. I just have a system for remembering which password to use for each website, and maintain a list of hints. And I have a pretty terrible memory. But having had the password I used to re-use across a few (non- critical) sites show up on haveibeenpwned it's what works best for me.
Firefox is great in that regard: when you fill in a signup form it will automatically suggest you a long, generated password, and will then store it for you.
This is news for me. I've been using a local password manager for ages and disabled any browser form support since maybe the last century so I missed all those new functionalities. I'll keep using my password manager anyway, it's not only for the browser and not only for one device. I sync the db across devices with Syncthing, I don't login into any browser cloud sync.
That is not really unique to Firefox, right? Safari does it as well and I am pretty sure Chrome does it too (I am not a Chrome user, so I can't check).
It’s still better than using the same few passwords everywhere or having a system with the site name. Because you need only on website vulnerability, which is quite common, to compromise your passwords. It’s better to have a single unlikely point of failure than many guaranteed points of failure in my opinion.
Chrome has a password manager but the key is stored for you, which is less secure because it’s not using a HSM (hardware security module) as far as I know.
Your single point will be compromised. Someone gets access to your system they now have access to all of your passwords. Your password manager is hacked. Your device dies. Putting your eggs in one basket feels like a smart thing until you lose that basket.
I agree it’s not perfect but what is your better solution? My email and some passwords have been collected at least 8 times according to https://haveibeenpwned.com/
A password manager with multiple factor authentication sounds better to me.
It's not new tech, but now that two huge players have put it in the hands of millions of users, it should pick up speed.