Integrated to Safari from Firefox

[grandIOSe]

I have made the switch from Firefox to Safari, and I am happy with the results. I have a MBA 2015 model. It appears to be more responsive than the others that I have tried. Maybe Apple has a little something to do with that.

The only exception being that I did like Firefox's password manager better. I have had some issues with Safaris's password manager detailed in another thread, so I decided just to use keeper security instead, and there is an extension for safari.

I can't wait for the new features that are coming to safari when MOJAVE arrives. I know Apple will be making some additions, especially in the privacy department.

 

[BrianBaughn]

When I found out there was malware out there that could extract login info from browsers (and even Keychain) I stopped saving passwords in that manner.

 

[grandIOSe]

When I found out there was malware out there that could extract login info from browsers (and even Keychain) I stopped saving passwords in that manner.

There have been updates to stop that exploit.

 

[BrianBaughn]

There have been updates to stop that exploit.

In macOS itself? For all future variants? If you say so!

 

[grandIOSe]

In macOS itself? For all future variants? If you say so!

Here, take the time and read the following article. It describes how the attack was performed. Basically, attackers would create an invisible form on a website, to trick your browser's password manager into auto-filling a username and password. The hack was designed to steal emails for mass marketing / phishing etc, but it could also be used to steal passwords. A simple solution to this is to 'have auto-fill' turned off and only have passwords filled by explicit authorization from the user, either via a prompt, or by putting the cursor over the area. Auto-filling is no longer turned on by default on any password manager, and truthfully, it should never be used, unless it could be set up for specific websites with implicit trust.

https://thehackernews.com/2018/01/browser-password-managers.html

Having said this, I still think it's a good idea to use a separate password manager like 1password, keeper security, or last pass. It seems they are better at security, since that is their only job.

 

[BrianBaughn]

The explanation on this page of what Proton malware does goes beyond what you're describing, it seems to me.

 

[grandIOSe]

The explanation on this page of what Proton malware does goes beyond what you're describing, it seems to me.

First and foremost, the link that you attached, is considered to be unsafe by safari, others be warned!! Second, that is something completely different as to what I have been describing.

I was able to pull information on proton malware for mac, and it is something completely different than what we are describing in this post. If you are infected with proton, it could steal passwords, including from 1password, keepersecurity, etc.... But thank-you for making us aware of this threat, and I think its deserving of its own separate thread somewhere.

 

[adrianlondon]

I moved the other way Swiping back in various forums in Safari annoys me as it keeps locking up (briefly) then reloading the page and often changing the order of the threads, as they'd changed in the meantime. Firefox just swipes back. Plus I don't like Safari's (lack of) cookie management now that the SIMBL Cookies is such grief to hack to work.

Anyway, I'm using Bitwarden and I like it. Works in Safari too. I haven't read your other thread where you list keychain problems though - i was happily using keychain until I moved to Firefox and if I ever move back to Safari I may just move back to keychain. I had no major issues with it.

 

[grandIOSe]

I haven't read your other thread where you list keychain problems though - i was happily using keychain until I moved to Firefox and if I ever move back to Safari I may just move back to keychain. I had no major issues with it.

That other thread you are referring to describes an issue that I was having when I logged into my user account which was linked to my iCloud ID instead of using a separate password. Every time that I changed my iCloud password, Safari would lose all setting including all my saved passwords. I have still not received an answer as to why safari would do that.

 

[adrianlondon]

Ouch. I've read somewhere that changing an iCloud / AppleID password can cause grief if people have linked their OS account passwords to it. I believe they've removed that functionality, so it only works for those who linked accounts before the feature was removed. I'd suggest unlinking them.

Bitwarden works very well and it can fill in passwords that keychain refuses to, as it has the option to create custom fields. It also has customisable URL pattern matching (in case you use, for example, separate accounts for google mail, youtube, google calendar...).

 

[grandIOSe]

Ouch. I've read somewhere that changing an iCloud / AppleID password can cause grief if people have linked their OS account passwords to it. I believe they've removed that functionality, so it only works for those who linked accounts before the feature was removed. I'd suggest unlinking them.

Bitwarden works very well and it can fill in passwords that keychain refuses to, as it has the option to create custom fields. It also has customisable URL pattern matching (in case you use, for example, separate accounts for google mail, youtube, google calendar...).

I have already switched back to a regular user account, and unlinked the iCloud Id from my login user.

I will give Bitwarden a try. thanks.