Conversation
Notices
-
@thatbrickster
>Chrome has the option to wipe stored passwords when clearing browsing history.
>Tell me that isn't poor design
Speaking of bad design there's no option to tell chromium to always clear everything when closing it, maybe because per default it never really closes itself.
As for password storage browser design, I wouldn't mind much password browser extensions for such usage if there wasn't any JS or equivalent in browsers.
But even tho it was the case users must know how to manage a simple copy past of characters in a specific fields. And sadly we are far FAR away from even this very simple task. @lnxw48a1
-
I switched to KeepassXC because of the browser extensions. However, once the extension checks and finds out there’s an updated version of the password manager, it refuses to connect to the old version. I need to file a bug, because I’m not about to install software that is not in the standard OS repositories.
-
Meanwhile, I still have KeepassX installed, so I think I’m going back to it.
Or, interestingly, there is now a version of Bruce Schneier’s Password Safe in the Debian & Ubuntu repos. I might switch over to that.
-
>KeepassXC
I do not recommend the usage of KeepassXC.
-
@orekix @lnxw48a1
>what's wrong with it?
As far as I read in the bug reports on Microsoft Github the browser extension has brought a number of security issues and still continues, that is why the keypassX team has not implemented that function.
-
There's also regular Keepass, (keepass2 in Debian and Ubuntu), but it is based on the Microsoft dotnet platform, so it requires Mono. I try not to install #Mono on any non-Windows platforms (and it really isn't needed on Windows, since much of dotnet is already installed.
-
)
-
@mangeurdenuage @orekix@anime.website
> bug reports ... Github ... browser extension has brought a number of security issues ...
I haven’t checked. I’ll look soon. There are also some security risks involved in copying to the system clipboard, which is why finding a password manager that could directly talk to the browser became an issue.
-
@mangeurdenuage From what the KeepassXC site says, development in the KeepassX project is nearly dead. Not saying it is true, but there were a lot of fairly old patches awaiting action when I looked.
-
When working with family members and personal friends, telling them to use a copying and pasting password manager instead of the browser’s built-in password remembering function (or using the same password everywhere) is a losing battle. It is necessary for a good pwdmgr to have such extensions for browsers and certain other software.
-
>development in the KeepassX project is nearly dead
I'm not gonna look for the rant some anon said a few years ago, so I'll resume it like hits, it's not because a software is not constantly updated every week that it's dead.
>telling them to use a copying and pasting password manager instead of the browser’s built-in password remembering function (or using the same password everywhere) is a losing battle
This is what happens when software wipes the ass of users too much. But I understand your position I have often the same issue.
-
@mangeurdenuage There are also some sites that try to prevent copy-pasting passwords. I think PayPal does this when people are changing passwords. It's evil, but if users have #JavaScript / #JabbaShit activated, sites can do things like this.
I do agree that users need to be willing to think and to learn something when using computing devices. Trying not to have to think, not to learn something is a direct highway to having someone else do all your thinking and make all your decisions and choices for you.
I also think developers and companies like to change the UI and the way users interact with software far too often. No, you don't need to follow this year's appearance fad like you followed the fads of the year for the past 2-3 years. Leave things alone for a few years.