| ▲ | Someone1234 6 hours ago | |
Password hashes are one-directional lossy storage. If a password manager "hashed your password" it would be essentially deleting your password and replacing it with something else which cannot be used to log into anything. The password MUST be recoverable to plain-text to replay it to a website. But you're correct that Chrome, Firefox, Edge, Lastpass, BitWarden, even Keepass have the same issue. It is an Operating System limitation, not a password manager problem. | ||
| ▲ | Sohcahtoa82 4 hours ago | parent | next [-] | |
I think the catch is whether the passwords are unencrypted in memory constantly, or only during a short period when the password is being used? | ||
| ▲ | busterarm an hour ago | parent | prev [-] | |
I never said that they should be hashed, just that they aren't. Just subtly pointing out what the tradeoffs are if you choose to use a password manager whose storage/access is basically always available. At least with Keepass it's locked in an encrypted store and only available exactly when I need it to be. I can take other precautions if I want when I want to access it. With your browser's password manager you're stuck with the slop you were given. | ||