I feel like this question has been asked before and I found a few posts on the forum here, but none of them apply for my case or are not what I am looking for.
I am running Fedora 25 and I am using Firefox to browse the web. Since storing the passwords in Firefox and syncing them using Mozilla's cloud is not the best practice, I was planning to switch to using a password manager, but with the condition that it can integrate nicely into Firefox. I am logging into many sites per day, so copy/pasting the passwords seems to be quite a hassle.
I've read about KeePass but I haven't found a good addon for Firefox. KeeFox requires me to install Mono and the others seem to be only helpers that add the URL to the window title, so I still have to open up KeePass and search for the password and then activate the process there. And somewhere I have also read about a HTTP addon for KeePass, which exposes my passwords via HTTP, which by itself doesn't sound like a good idea, but I might be wrong there.
If someone knows a better password manager or a good addon for Firefox for KeePass that would be great.
If you don't mind using LastPass, it has a very good Firefox extension that also gives the option to auto-login whenever you visit specified URLs. Also has a phone app that recognises when you are prompted for a password and asks if you want it to auto-fill your user name and password.
Enpass - has browser isolation as well as integration, your choice. It is in the Arch User Repository and works beautifully.
Additional features include a decent random password generator, local and cloud backup - again your choice, and lots of configurable locking/unlocking settings
They had a recent vulnerability that was never exposed prior to patching release last week.
@comfreak I highly recommend last pass. The integration with Firefox is rock solid. I gladly pay the 12 dollars a year fee for it. As far as security goes, you have to think about how big a target they are. I've never heard of any compromise to master passwords that was their fault, and if you use a strong password you should have zero worries if they do get compromised since they salt and hash the password.
I use KeepassX and use the "Auto Type" feature with a global keyboard shortcut. That way I dont need to bring up keepassx, I just put the cursor in the username field and press a keyboard shortcut.
It was basically a vulnerability on the client side that allowed a malicious website to steal data. Here is their official statement and the post on Google's Project Zero. He also reported another issue few days before that, which should also be fixed now.
There is also another issue regarding 2FA which doesn't make the whole picture look much better.
Oh, I wondered, I read a recent one that they had put fixes in place and were working on more perminant fixes.
There is the thing to remember that they are essentially under constant attack but also constant probing by security researchers to make it better.
And id say they've been pretty good at responding to and fixing issues overall.
I guess the question is do you use a popular solution that's also a popular target for researches but respond fast and fix issues. Or less popular solution with similar issues not yet discovered?
If they weren't addressing the issues they'd be done.
Id say it probably comes more down to what you want than anything.
I completely missed your post. Enpass looks interesting but from what I've read, they seem to provide their own browser instead of an addon for Firefox etc. which is what I am looking for.
I just installed it from Mozilla's site and noticed that their version is a lot behind actually. The changelog that popped up mentiones version 4.1.x while on Mozilla's site you can only get 3.3.x. Is there a reason why there is such a big delay?
I remember hearing something about the acceptance process being slow. ublock has/had a similar problem and i imagine a number of plugins that have somewhat frequent updates.
keepass has firefox plugins i think. But I don't think any of them have been properly reviewed in any sense? It would be good if it could get code audits or some assurance program for plugins.
KeePass with the Firefox KeeFox/KeePassRPC plugin is your best bet. KeepassX works too but the plugin doesn't work well enough. We've vetted it for use at our company, among several alternatives it was the only one which passed.
We mainly needed it to be GPL licensed, offer an easy integration plugin for firefox, have recovery key options and allow sync with a server and allow us to write plugins for it easily.
