Where to save confidential data

According to https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/storage I should not use the storage API to save confidential data. There is a warning on that page:

The storage area is not encrypted and shouldn’t be used for storing confidential user information.

I can understand that warning, since the data isn’t encrypted there. But on that page, there is no hint what we should use instead of the storage API. Can someone here please recommend an alternative?

2 Likes

One solution would be to let a native app handle the loading/saving.
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging

1 Like

OK. But in this case, I fear, I’m not really kind to my users. There should be a way to use only the browser, without a third-party application. Please don’t get me wrong. I’m a big fan of using a good password manager. I’m an extensive user of Keepass, for example. But I can’t expect that my users also use a password manager, like I do. There must be another way.

Sure, I can do some “pseudo scrambling” like using base64 encoding of username and password for my XHR requests, but this isn’t much more secure than storing the data unencrypted.

BTW: The above is my second account. It sometimes logs in here with this old account.

Your other option would be to encrypt the data, and every time you need to access it, you ask the user for the password.
Or you could ask once when the browser starts, and keep the password in memory.
I think password managers work like this.

1 Like
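
The approach from the last reply (encrypt before writing to the storage API, unlock with a user-supplied password), as an added example that is not code from any poster in this thread. It uses the Web Crypto API (PBKDF2 and AES-GCM); the function names, the record layout and the iteration count are assumptions made for this sketch.

```javascript
// Node fallback only so the example also runs outside a browser.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();
const PBKDF2_ITERATIONS = 600000; // assumption: tune to your users' hardware

const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// One random salt per user; it is not secret and is stored next to the records.
const newSalt = () => webcrypto.getRandomValues(new Uint8Array(16));

// Turn the password into a non-extractable AES-256-GCM key.
// "Ask once at browser start": keep this CryptoKey in a background-script
// variable and never persist the key or the password.
async function deriveKey(password, salt, iterations = PBKDF2_ITERATIONS) {
  const material = await webcrypto.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    material,
    { name: "AES-GCM", length: 256 },
    false,
    ["encrypt", "decrypt"]);
}

// Encrypt one value; the result is plain JSON and can go to storage.local.set().
async function seal(key, plaintext) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh per record
  const ct = await webcrypto.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(plaintext));
  return { v: 1, iv: toB64(iv), ct: toB64(ct) };
}

// Returns the plaintext, or null when the password was wrong or the stored
// record was modified (the AES-GCM authentication tag does not verify).
async function open(key, record) {
  try {
    const pt = await webcrypto.subtle.decrypt(
      { name: "AES-GCM", iv: fromB64(record.iv) }, key, fromB64(record.ct));
    return dec.decode(pt);
  } catch {
    return null;
  }
}
```

Only the salt and the sealed records are written to storage; base64 here is just a transport encoding for the ciphertext, not the protection.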