-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Integrate password checkup into Brave #12001
Comments
here is one option that doesn't require any calls to google:
this is conceptually very similar to safebrowsing |
I agree that we should implement that in Brave. The Chrome feature requires connecting the browser to a Google Account.
That step could use Cloudflare Spectrum for extra IP-address privacy. |
Here's the code we'd likely have to replace in Chromium to switch to a different password check service: https://source.chromium.org/chromium/chromium/src/+/master:components/password_manager/core/browser/leak_detection/;bpv=1;bpt=0 |
Edge also uses homomorphic encryption to talk to the equivalent Microsoft service: https://www.microsoft.com/en-us/research/blog/password-monitor-safeguarding-passwords-in-microsoft-edge/ |
Chrome now also makes it easy for users to automatically update compromised passwords: https://blog.google/products/chrome/automated-password-changes It uses this new API: https://w3c.github.io/webappsec-change-password-url/ |
chrome://settings/security has a feature (on by default IIRC) that warns if your credentials have been exposed in a breach:
we should look into enabling this in Brave. the Chrome implementation sends a hash of your username and password to Google every time you login, which we probably want to avoid. https://security.googleblog.com/2019/12/better-password-protections-in-chrome.html
The text was updated successfully, but these errors were encountered: