zlacker

>>akyuu+(OP)
There was a time when Firefox felt a lot slower than Chromium, but for a few years now it's been close enough (even if still somewhat slower) to not bother me, while Firefox clearly offers superior functionality and much better performance under high load. The last time Chromium has felt attractive compared to Firefox was a really long time ago. Glad to see it moving in the right direction still.

>>seba_d+35
I switched to Firefox from Chrome years ago because Chrome was slower. Specially, when there were many tabs opened, switching tabs in Chrome were usually prefaced with a blank white screen for about 2 seconds.

I've been staying with Firefox not for the performance (today Chrome loads Google sites like YouTube faster), but mainly for Tree Style Tab extension. I couldn't imagine opening more than a dozen of tabs without it.

>>beltsa+Lz
I've stayed (edit: with Firefox) because of (1) containers and (2) password storage. I have to use Chrome for some things, and every now and then it prompts me for a password and refuses to use the auto-fill. Totally torques me off because my passwords are not easy.

But I completely trust Firefox on the password issue, to the point that I let it generate them for me.

>>dhimes+Qx1
>But I completely trust Firefox on the password issue, to the point that I let it generate them for me.

Not that I don't trust them but I always recommend using a dedicated PW manager like KeePassXC which is FOSS and has been security audited, plus it gives you full control over where you get to store your PWs and how they're secured and generated.

>>Firmwa+Bz1
I'm even stricter than you. I use a password manager, but on a separate device from where I use passwords and it does not talk over the network.

Wen I use a password, I look it up and type it in by hand. No autofill is possible, intentionally.

>>JohnFe+GI1
That doesn't bypass keyloggers

>>LtdJor+BP1
True, but keyloggers aren't one of the threat vectors I am most concerned about, and as mcpackieh said, it still limits the potential damage quite a lot.

We all have to gear our security mechanisms toward our particular threat assessments.

>>JohnFe+wR1
What is your biggest concern? I would think key loggers are a more common threat than attacks on the password manager directly, especially if you're running something niche. What else do you gain from keeping it air gapped?

>>seti0C+e02
Keyloggers rank low for me because I'm only using my own devices that I have physical control over, so a dongle is unlikely. A keylogger would have to come in through malware.

That's certainly possible, but if malware were able to get installed despite my other protections, then I probably have much larger issues. And the keylogger would have to phone home with the data, which is unlikely (but not impossible) to happen without raising some alarms.

So I'm more worried about sharing data with the password management company systems themselves. If there's no real reason to send data over the net, then I don't want to send data over the net. The smaller the attack surface, the better.

It's just my personal policy. In reality, I don't consider either keyloggers or password management company computers to be huge enough risks that I lose sleep over them. Plus, I don't want to become reliant on a particular piece of software to do important things -- typing my password by hand means that I'll have the most common passwords memorized, so if something goes wrong that prevents the use of the password manager, I'm not locked out of anything.