Quote:don't store your passwords on your browser
The security conscious should read this:
Quote:In this paper we surveyed a wide variety of password
managers and found that they follow very different and
inconsistent autofill policies. We showed how an evil
coffee shop attacker can leverage these policies to steal
the user’s stored passwords without any user interaction.
We also demonstrated that password managers can pre-
vent these attacks by simply following two steps - never
autofilling under certain conditions like in the presence
of HTTPS certificate validation errors and requiring user
interaction through some form of trusted browser UI, that
untrusted JavaScript cannot affect, before autofilling any
passwords.
Password Managers: Attacks and Defenses | USENIX
In fact, storing passwords in the browser can be fine - or it can be disaster. Find a keychain that meets the recommendations in the paper.