xbrowsersync/api

Question : When do you plan to implement Form.Data/Password storage as well as bookmarks?

mistergibson opened this issue · 1 comments

mistergibson commented

Dear Developers:

Love what you've made, but would really love a full replacement to the online sync services. For that I'd need full-on password and form data sync as well. What does your road-map say so far as implementing all that? I had heard somewhere it was in the grand plan, but haven't heard much about it since.

Thanks.

nero120 commented

Hi @mistergibson, you can check the current roadmap here.

No password sync is planned, for the reasons that there is currently no [web extension API(https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API) that I can use to access password data stored in the browser, but also personally I do not believe online password syncing is a good idea and defeats the purpose of securing ones personal data. I believe a better approach is:

  • Create a password "algorithm" that you manually do in your head and can use to generate (or recall) sufficiently complex unique passwords given any input
    • For example, it might look like this: 
      (url) => {
  return myLastName + ' ' + myFirstName + '$' + mothersDateOfBirthReversed + ':' + url.host;
}
      So for www.github.com the password would be something like "Bloggs Joe$19470327:github.com", and you can use this tool to check the strength of your password (which is what xBrowserSync uses for the password strength meter under the hood!).
  • Only sync password data with services you absolutely trust. LastPass or example, has been hacked multiple times and cannot be trusted so secure your data. But any password sync service present a large and very lucrative target for hackers and should be avoided. Stay small and anonymous is the best way to ensure your online security.
  • In my case, I set Brave to store passwords but I do not enable Brave sync. Every so often I will export passwords from Brave and use 7zip to generate an encrypted archive which is then uploaded to my personal cloud. Whenever I refresh Brave or need to re-import passwords to the same or different device, I can just grab the file from my personal cloud, decrypt and import back into Brave.

As for form data, I'm assuming you mean addresses? I'm not aware that this data can be accessed through the web extension API, but in any case it's data that does not change so often (like passwords) so the case for syncing it is not a strong one as it's not a huge deal to have to re-enter every once in a while.