I would have expected visiting from desktop web to tell me what the desktop counterpart to this mobile app is (probably either a call-to-action to install Firefox to use with this companion app, or a call-to-action to create a Firefox Sync account to store my passwords). I'm not going to type my hundreds of passwords from scratch using my iPhone keyboard; I'm going to want to import them from LastPass / Firefox / Chrome / Safari / Edge / 1Password / Bitwarden.
First, if there isn't a Chrome plugin, it's not going to be of much use to me. I still use Chrome on my laptop (for a multitude of reasons) and if Lockbox doesn't interoperate with it, it's not a useful tool.
Second, I worry about the longetivity of the project. Other than Firefox, Mozilla is not known for their long-term support of consumer products. Persona? Firefox OS? Thunderbird? I don't want to switch to a product that's only going to be retired in a year.
> if there isn't a Chrome plugin, it's not going to be of much use to me
Working on it! We have to get the webextension working in Firefox first, then we'll branch out to other browsers. (Contributors welcome, btw: https://github.com/mozilla-lockbox/lockbox-addon)
> I still use Chrome on my laptop (for a multitude of reasons) and if Lockbox doesn't interoperate with it, it's not a useful tool.
Well, you can import Chrome passwords into Firefox pretty easily, and set up Firefox Sync, and then you've got all your (Chrome) desktop logins on mobile. Not ideal, but works.
> I don't want to switch to a product that's only going to be retired in a year
Sure, I definitely understand. I've personally worked on Persona, FxOS, Test Pilot, and Screenshots (and now Lockbox). IMO Mozilla has gotten steadily better at shipping new products, and once we get Lockbox integrated into desktop, it'll have really good chances of long-term survival.
Besides, any new startup might go away; at least with Mozilla products, you can be sure we aren't going to do anything sketchy with your data.
Finally, I'll point out that, if you try Lockbox, it'll give Mozilla's management good signals that they should keep investing in Lockbox :-)
As for Chrome, since Lockbox is an explicit move to extend Firefox Sync's utility beyond just Firefox, I wouldn't at all be surprised to see a browser extension at some point in the future. However, I have no actual knowledge of the Lockbox team's roadmap. Just seems reasonable. :-)
Heck, all the APIs (and repos) are open, so someone sufficiently motivated could build that right now.
Yeah, but Google sunset a mail app last week so... You never know.
Now I wonder what does lockbox bring to the table because my passwords I already shared between mobile and desktop through sync ?
Ah, I see. Google chrome gets access to it.
Lockbox makes those passwords accessible outside of Firefox. It implements Android's autofill API, so you can, for example, use it to log into native apps on Android. You can also use it to access your passwords when you're using other browsers, which is especially important with the rise of in-app browsers.
> Yeah, but Google sunset a mail app last week so... You never know.
Yeah, but the mail app Google sunset wasn't a core product offering, so... You never know.
It basically allows you to use your FF passwords in your local apps
There are many reasons to want to use different browsers:
* Your spouse prefers a different browser
* Firefox doesn't work as well on MacOS as Windows/Linux
* You need to use multiple browsers for testing
* You currently use Firefox everywhere, but don't want to be locked into that decision.
The only reason I don't use Firefox Sync is because I don't want my password manager tied to single browser. I would have pounced on this in a heartbeat if a chrome plugin to Sync was available a year ago.
Just installed on Android. After syncing to my account it shows "no entries found", even though I have hundreds of saved logins in my Mozilla account.
Tried disconnecting my account in order to re-add it again, and can't find a way to do the latter. It just keeps showing the "Disconnect Firefox Lockbox" button, even though it (presumably) is already disconnected.
Will check back in a couple of months to see if it's more fully-baked. But right now this feels pretty pre-alpha.
Regardless of those issues I think the app looks great! Thanks for your efforts
As long as it's clearly and openly communicated what telemetry is collected, I'm fine with an app collecting whatever information they want: I get to make the decision on whether I give up that information by (not) installing the app.
I long ago abandoned browser password managers due to awful security practices like storing passwords in plaintext in my browser profile. Bitwarden is full of features and works everywhere, too.
That being said, I agree with your critique. I am a 1Password customer and enjoy the fact that there are two passwords for my account (rendering keyloggers worthless).
Based on IPFS so seems like your entire privacy rests in crypto
App works well but it doesn't seem like there is interest in making this general purpose, maybe because of the software stack choice?
Standard files: https://standardfile.org/
Standard notes clobbers data if two devices make offline edits :(
This has actually become a core competency of Mozilla thanks to the infrastructure laid out for Firefox, which I think will be leveraged in their product strategy going forward.
They also generally do a good job with UI, which is not true of all open source solutions. This may not be crucial for devs, but it's crucial if we want to share passwords with the non-devs in our lives.
But there are a few more features that are necessary to make this truly standalone (these comments are based on the iOS version):
- ability to create a Firefox sync account from this app.
- ability to add entries in this app and manage them.
- ability to import credentials from other applications (like 1Password, BitWarden, Lastpass, etc.).
Real Firefox is forbidden from being in the Apple AppStore, and only AppStore apps are allowed to sync with the iCloud keychain, so this is the next best alternative permissible in Apple's garden.
I left Chrome after Chrome 69's sign-in changes; however innocuous the intent, it unexpectedly left me with bookmarks syncing between work and home machines. Which was privacy-undermining, certainly, but more pressingly made finding anything a tremendous hassle.
Keeping multiple password suites segregated has become increasingly irritating also, particularly when I want access to both suites on one phone. The easiest answer so far has been to use different password management services for different sets, which is an absolutely silly way to choose a tool.
At this point, I'd take any trustworthy browser and password manager with strong tools for controlling where different pieces of information are synced.
My big thing is the integration of the Yubikey, which is almost mandatory. Bitwarden has this, but their recent security assessment had a showstopper, as far as I'm, concerned:
'BWN-01-010 – Changing the master password does not change encryption keys'
If Bitwarden gets that fixed, I'd jump ship instantly. Otherwise, I may play with Firefox Lockbox and see where that gets me.
> An option to rotate the encryption key and mac key has been added to the change password operation. Rotating the keys will generate new, random key values and re-encrypt all vault data with these new keys.
I've been burned by dropbox synced keepass password management before...
But 43mb for password sync app?? Is it not too much?
Born in '88 for context, the smallest primary storage device I can remember using was a 20mb HDD on a hand-me-down 486 I got one birthday.
This means, for example, even if you browse with Chrome on Android, you can still access and auto-fill all of the passwords you have saved in your desktop Firefox.