Inbuilt password manager
-
I thought about this for a while. Vivaldi already stores website passwords on operating system level, just like other chromium browsers (opera,chrome). But what if Vivaldi had a real password manager baked into the browser? The basics are already available – servers and strong encryption, but to become a real password manager following features would be needed:
- ability to store none website passwords (any information really)
- additional master password for the manager, different from Vivaldi sync/account password
- strong and truly random password generation
- a dedicated internal Vivaldi password manager page to manage, view and manipulate storage.
- probably additional apps to access the password manager on mobile, as long as there is no mobile Vivaldi browser.
Personally I'd welcome this addition, until then I'll continue using a third party manager to do the job.
-
@luetage Master Password request is already there.
-
@pesala Didn't find the master password one. But none of these topics requests a real password manger. Vivaldi is no password manager at the moment. What I am talking about is a feature and security equivalent with the likes of lastpassword and bitwarden. No current browser I am aware of provides this and the current chromium way of handling things is just no good basis to go forward (no improvements to this system will make it any more useable).
-
@luetage said in Inbuilt password manager:
strong and truly random password generation
Fun fact: there are already flags for this:
vivaldi://flags/#enable-password-generation
(and others if you search for "password")However, having tried it, the passwords generated aren't nearly as long as those from my dedicated password manager, and don't seem to be configurable.
-
IMO passwords and login credentials are too sensitive to give it to a browser (even if the browser is more than that, if your feature become true). Browsers are one of the most "attacked" software and with this feature it's one more reason to search for
I think, it's a good way to separate passwords from browsers like you shouldn't do online banking from the device, with which you get your additional TANs
And because some of my programs need a login too, is it currently possible for the browser to access another program? -
I am not sure, if I get the problem right, probably I dont. Firefox and Seamonkey have a build in password manager.
-
@luetage many agree with the chromium way to use tested platform specific resources as much as possible.
Having the manager separate from the browser limits the exposure of secrets.On macOS the Keychain is used.
For Linux there are 2 implemented backends, but this seems to converge in the near future.
On Windows there is just no generic (secure) password storage facility (yet).Porting/Creating a standardized secret consumer/storage interface for Windows would be a task for Microsoft.
Vivaldi could however open/standardize their sync framework for other applications. -
@becm " the chromium way " is not secure. Please see:
https://forum.vivaldi.net/topic/23417/security-of-chrome-login-manager-compromised/12Microsoft does have an "Authenticator" app. It is rated highly but I have yet to figure it out (it always times out).
And I doubt it could be integrated into V, though I guess it could be used as an app on your smartphone for 2FA, providing you have a smartphone.
I am looking for other options... -
@derday With all due respect, any password manager is higher on the list of any hacker. To argue that browsers are vulnerable without mentioning password managers is short sighted. Personally I'd place search engines (Google, Yahoo. Bing) and password managers as probably more likely to be the target of hackers than browsers. I'd like to see V to have a built-in password manager.
-
@para-noid said in Inbuilt password manager:
@derday ...To argue that browsers are vulnerable without mentioning password managers is short sighted...
I Agree. There have been managers that have had breaches. I was just commenting on Browser specific managers.
Personally I'd rather generate and store passwords in some Local encrypted Database (SQlite? OpenDocuments Base? Access?) as I am finding I have far too many for my four active brain cells to remember...
Trying to work on my own version but I just dabble in programming and may never get there. -
@para-noid
if you look at users who use an online password safe (eg lastpass), then I might still agree with you. But I don't think there are more users using an offline-manager (eg keepass) than Chrome/Firefox users using the integrated password manager.
But everyone has their favorite solution -
User of keepass (win)/keepassxc (linux). Keepass has been audited some years ago, it's sole function is to generate/keep offline passwords. AFAIK it is doing its job well, and is often the recommended application.
Don't see the need to implement such function within the browser. -
So, is it Vivaldi's aim to enhance and extend its password management capabilities to match the likes of KeePass(XC), Bitwarden, LastPass, etc.?
- Configurable password generator
- Cloud storage of password database
- Credential categories/types
- Folder structure database
- Partial sharing of credentials
-
I also vote for this. Firefox will soon launch Lockwise, I think Vivaldi should also offer a secure password manager. I don't see why people have to depend on third party password managers like LastPass and Roboform.
https://www.ghacks.net/2019/05/29/mozilla-releases-firefox-lockwise-formerly-lockbox-add-on/
-
@luetage said in Inbuilt password manager:
strong and truly random password generation
Well it seems Vivaldi can generate passwords now. However, I want an option to disable this. I never plan to use Vivaldi's random generator, and this popup blocks page content. Whatever features are added, I'd like an option to disable them (though of course they can be enabled by default to raise awareness). This is
Account creation page at https://courses.edx.org/register:
-
@ukanuk
I don't get this suggested password feature either in my normal profile nor in a guest window.
So either an extension does this for you or you enabled this with a "hidden switch" because it's not default
perhaps I don't get this suggestions because I disabled the internal password manager? -
@derDay said in Inbuilt password manager:
perhaps I don't get this suggestions because I disabled the internal password manager?
That would be my guess. I do use the built-in Vivaldi password manager for a couple websites where I visit regularly but can't be bothered to memorize the password, as they're just sites for social interaction not financial stuff.
-
@Gwen-Dragon said in Inbuilt password manager:
… that shows only in a form field password with Right Mouse Button → Suggest Password...
Weird, I've never noticed that "Suggest Password" option on the right-click menu. But when I try on a fresh default standalone install of Vivaldi, I don't get the popup password suggestion either. When I try on my main installation, I get the suggestion popup anytime I left-click in the password field or
Tab
into it from the Public Username field.Maybe I need a profile reset or something.
-
I definitely welcome this. Firefox now has Lockwise which is a good start but it's not really a passwordmanager for anything else than browser-logins. I would like to see Vivaldi actually create a passwordmanager that could save application passwords, credit cards etc and sort them in different categories just like 1password, Enpass or similar and then have the option to use extensions in other browsers and standalone apps for mobile devices and desktops. Google passwords kind of does a little of this too, it saves application passwords and also chrome-passwords but Google doesn't have a password "manager". I feel like everyone is falling short of having a passwordmanager that is really useful. If google would create a standalone app for passwords, I'm afraid most people would jump ship as long as there's nothing that's already better. Vivaldi, you have your chance to make the best password manager ever imo
-
@luvis Be far easier to use a dedicated password manager on the local system rather than in the browser.
Passwords and credit card numbers in particular should not be in the browser itself.There are security issues which may arise.