Closed anaelChardan closed 6 years ago
Sh1d0w
commented
8 years ago +1 for the idea. If Brave team thniks that is good idea I am referencing a cross platform package that could be used to do the job (Working with Apple keychain, Gnome keyring and Windows Vault)
anaelChardan
commented
8 years ago Thanks, ah yes thank you, I hope that it could help them :)
diracdeltas
commented
8 years ago we already use keytar for storing the master password, which is used to encrypt login passwords. if you open Apple Keychain, you should see an entry called 'Brave' with account name 'login master key v2'; this is your master password, without which Brave cannot decrypt any of your passwords. so ultimately the security of your passwords depends on the OS, which is ideal (same as what Chrome does).
when i implemented this, i considered storing login passwords themselves in Apple Keychain. however, i think this would make for an overall worse user experience. instead of having our own user interface for password management (about:passwords) that only shows the passwords stored in Brave, the user would have to directly use the system keychain interface, which is less-friendly for most people.
another problem (less likely) is that if the user doesn't click 'Always allow' the first time the keychain prompt comes up, they will have to unlock their keychain again every time to save/modify a password.
anaelChardan
commented
8 years ago Hi, ok fine :) but what I ask is used the Apple Keychain to store passwords using the Brave interface like Safari does. With this feature, an old user of safari could use all his passwords made by Safari. If I take my example, I don't know the majority of my password because its Safari which managed them for me and stored in the Keychain.
Thanks :)
bsclifton
commented
8 years ago @anaelChardan I think that is a reasonable request, but it's definitely not on our roadmap (yet). I'd encourage you to think about how you'd like it to work in detail (all the use-cases, how it looks in the UI) and maybe make a proposal
For example, we could update the about:preferences screen only show a new password manager option, "Apple Keychain" if you're on Mac (simple check for process.platform === 'darwin').
And then like @diracdeltas pointed out:
It would be slick if folks could make the switch over from Safari and not have to change anything; their credentials for their favorite sites are already in their keychain
bsclifton
commented
8 years ago I went ahead and removed the "won't fix" label for now... It's likely we won't prioritize it anytime soon for the reasons @diracdeltas mentioned (that, and there are bigger fish to fry)... but I'd encourage you and the community to look at adding this functionality (and uncovering what challenges there would be) :smile:
Also, share the issue with folks and get them to give it a thumbs up
anaelChardan
commented
8 years ago Hi @bsclifton, thanks for your answer and @diracdeltas too (I forget on my last message) :)
I totally agree with your answer and indeed you're right the aim would be to "not have to change anything after switching from Safari."
Moreover: I'll try to give you a scenario of how I would like to choose how to store my password using the Apple Keychain.
Finally: I'll by happy to help you by adding this functionality but I don't know NodeJS at all :/, however I can try to take a look.
PS: Thanks for you work and continue :-)
diracdeltas
commented
8 years ago An issue we are more likely to prioritize is migrating safari passwords from keychain into the Brave password manager.
anaelChardan
commented
8 years ago Yes, it's a good idea too :)
bradleyrichter
commented
8 years ago Based on what we have and our approach to password manager choices, (1 at a time) I agree that importing them is the best we can do and should be included in the data import task. Due to security constraints, this may have strings attached though.
dimitris-t
commented
8 years ago Hi, I would like to re-iterate the points made here: as a Mac Safari user with all my passwords in the Keychain, I can't use Brave. A migration path would help!
duvrai
commented
7 years ago This issue is a big barrier for Brave to becoming a primary browser for anyone using iCloud between multiple Apple devices.
iCloud is used to transparently sync Apple Keychain passwords and credit cards between macOS and iOS devices. Because of its ease of use and integration it has become an important everyday feature. Currently, to transition to Brave I would need to learn and migrate to another password manager that would be less integrated, and then I would be stuck with 2 password managers, because iCloud Keychain is also used natively by iOS and macOS and by any native third party app that wants to store a password correctly. The current situation also forces me to transition to Brave and a new password manager on all my devices at once 🙁
With iCloud soon having a billion users, this feature could lower the barrier to switch for a lot of people 😉
spacemonkey
commented
7 years ago Adding a +1 to the need for supporting the OSX keychain, without it Brave is flying in a no-go-zone for large businesses and enterprises, especially in regulated industries (government, finance, legal, medical, comms...).
I've only used Brave for a week now and really enjoy it, but can't even talk about it at work until it supports the OS-managed password service (keychain on OSX, no idea on windows).
Will look around and see if I can help put some meat on this skeleton :-)
bsclifton
commented
7 years ago @spacemonkey if you do decide to grab this issue, let me know 😄 I'd be more than happy to help get you up to speed on any area of the code
NumDeP
commented
7 years ago Sh1d0w
commented
7 years ago It will be really nice to have Apple Keychain as a password manager, because as Brave is privacy oriented browser, I do not want to share my passwords with insecure third party password managers.
HLFH
commented
7 years ago @Sh1d0w Do you consider also the open source solution Bitwarden as insecure? Brave supports it. I strongly agree with you that Apple Keychain support is a must, but at least meanwhile, Bitwarden is a good compromise.
brokeharvard
commented
6 years ago +1 for wanting Apple Keychain as password manager
chrismatheson
commented
6 years ago Just to share my research on this feature. . . .
keytar can access the OSX keychain, however (as far as i can tell) it does not allow / enable access to the credentials saved as internet passwords, which would be pretty much everything required for regular use / interior with the OSX /iOS ecosystem.
https://www.npmjs.com/package/keychain under the hood uses the /usr/bin/security CLI which can interact with eh keychain in a much more fine-grained manor and access internet passwords. However i don't seem to be able to find out how to access passwords stored on the iCloud keychain (my main keychain) so again, this would technically deliver the future but not in practice, as most people will be using iCloud keychain (i would assume)
im still researching so any input is greatly appreciated .... once i can access the passwords on my own system i will tackle the integration to brave browser....
diracdeltas
commented
6 years ago @chrismatheson thanks for looking into it.
one thing to note is Brave is in the process of migrating to a chromium fork: https://github.com/brave/brave-browser. since this task is fairly significant, we would probably not accept it in this repo unless it is easily portable to the new repo.
implementing it as a password manager extension is probably the most portable way to do it, but the extension would not have direct keychain access. so you could take the approach of 1password and implement a binary which communicates with the extension. (the user would have to install the binary separately from Brave)
chrismatheson
commented
6 years ago @diracdeltas good to know, so in migrating to a chromium fork would mean no native node modules?
diracdeltas
commented
6 years ago @chrismatheson that's right, we aren't planning on supporting native node modules
tomotvos
commented
6 years ago While I would definitely +1 direct support for the Apple Keychain, for all the benefits highlighted above, I would also be very happy to have an import process in the interim. I want to use Brave constantly, but in the first week, it has been a real pain re-entering passwords for all the (very) many sites I interact with. It is a painful user experience.
bsclifton
commented
6 years ago Closing as wontfix for the reasons @diracdeltas mentions above (we're moving over to brave-core
I created https://github.com/brave/brave-browser/issues/820 to track the feature request there 😄
Did you search for similar issues before submitting this one? Yes and I did not found a similar one
Describe the issue you encountered: Not really an issue, an enhancement :)
Expected behavior: I Want to use the apple keychain as Password Manager.