Password manager with Firefox integration

It reads the title of the window, which works fairly well since Firefox puts the current select tab in the window title.

1 Like

Under ubuntu-gnome, KeepassX 2.0.2 works fine and auto-completes in any webrowser or program login (steam). Under each entry there is an auto-type function where a window titles is selected, then I usually put a wildcard (*) at the end as a catch all.

I back up the database to an encrypted usb. I have about 30 accounts on in it.

Nope. They have a standard addon (just like adblock, speeddial, etc) for Firefox. I have used it for many moons; works great. What I like about Enpass is that the web integration is optional and you can configure it on the fly. So you can have it off most of the time and only turn it on when you need to send credentials. You can use Enpass with no addon as well if you like, or you can have it on all the time. It is very well done.

Enpass has local backup - with or without encryption. Enpass also has server sync to Dropbox, Google Drive, OneDrive, Box, local folder, and WebDAV/Nextcloud.

I have been using KeePass for about a decade. A bunch of the early entries are from 2007. So I have been using it for a long time. I have about 200 entries in the database, and I would be lost if I lost or corrupted the database. I will have to figure out a backup plan for that.

I store the database in my Dropbox. It isn't ideal, in terms of security, but it is very convenient. I have access to the database from any computer or my phone at any time. I think Wendell mentioned that there is a security flaw with the database, but I can't recall the specifics. I remember it bugged me, but eventually I let it slide.

I also use LastPass in Chrome. A few months ago I went through that database and cleaned out a bunch of the more sensitive accounts. I did this because LastPass has had security problems that bothered me quite a bit. The cloud, after all, is just someone else's computer. I don't know how much I trust LastPass. They seem to have had a few too many security problems recently.

So I, too, am looking for a way to integrate KeePass with both Chrome and Firefox. The official website has a list of browser integration plugins here: http://keepass.info/plugins.html The two I was looking into were PassIFox and ChromeIPass. I've been meaning to experiment to see what works best.

Sounds interesting, but I wish it was at least open source.

That looks like a better option to KeeFox, but it has over 300 issues on GitHub and some of them sound like the browser can crash easily, especially in connection with Privacy Badger which I am also using.

Maybe if you ask real nice ...

As far as that is a concern. Keep your keys on a flash drive and don't use the plugin. The developers are very careful with passing keys, wiping the clipboard contents, clearing memory and such. The software is evolved enough that I don't think the developers would annihilate their reputation by storing personal keys. It is not worth it. I guess you can give the documentation a read and get a sense of whether or not you feel you can trust the dev's to really do what they say.

If you use the plug-in though, you really have larger concerns with any browser then the password manager itself. All of the browsers need serious work.

It's not that I wouldn't trust them, but that they might have missed something. Even if my best friend made the tool, I would want to look over the code or have other people look over the code, in case they see an edge case that the devs might have never thought of.

I get that.

My coding abilities in the areas of memory security are so rusty I wouldn't trust myself. It would have to be quite the shit show before I would likely find a real issue.

This isn’t an endorsement, but I think worth mentioning.

The 1Password app, originally from macOS, has a Linux version as well as a cli tool in development… Not sure if that’s exciting or terrifying.

Presumably, the browser plugins would work on the various supported platforms…

https://blog.agilebits.com/2017/09/06/announcing-the-1password-command-line-tool-public-beta/

Some people might say that you shouldn’t trust a closed-source/proprietary password manager and I guess Linux people are not prime candidates for that. :wink:

Looked at bitwarden? Thats one ive been trying out recently.

1 Like

How are you out liking it?

It does the job quite well so far. Its supported on a lot of platforms, you can now host it yourself (container), and the developer is pretty responsive to you. I think it will continue to improve. It would be good to have a code audit or similar, but its also open source so should be easy if someone wants to, or someone wants to pay for it.

2 Likes

Yeah, like I said, not an endorsement. I just found it interesting that they decided to make the leap to Linux and CLI. How many Linux users are going to spend $50 on a password manager? It’s a weird move.

1 Like

I think they’re targeting the hipsters who use Linux on their mac to be “trendy” and unique. They probably don’t actually care about free software, so they’ll buy it because they used it on their mac.

Bitwarden looked very similar to LastPass and I was about to close the tab, when I saw that they have a host-it-yourself option. It’s in beta, but looks promising.

I think I will give it a try and see how it works out. :smiley:
Thank you already for the tip! :+1:

2 Likes

Yep, I’m actually deploying it in openstack right now for testing, hopefully optimistic about this one!

Only thing I’m not thrilled about is that it uses the absolutely proprietary MSSQL as a backend :frowning:

I am also not quite happy about the fact that you need to register with them in order to host it on your own server. :thinking:

Ah, haven’t got that far yet. That’s probably how they get around the whole “enterprise deploying it on-prem” situation, which is more or less what I’m testing for.