Inbuilt password manager



  • I thought about this for a while. Vivaldi already stores website passwords on operating system level, just like other chromium browsers (opera,chrome). But what if Vivaldi had a real password manager baked into the browser? The basics are already available – servers and strong encryption, but to become a real password manager following features would be needed:

    • ability to store none website passwords (any information really)
    • additional master password for the manager, different from Vivaldi sync/account password
    • strong and truly random password generation
    • a dedicated internal Vivaldi password manager page to manage, view and manipulate storage.
    • probably additional apps to access the password manager on mobile, as long as there is no mobile Vivaldi browser.

    Personally I'd welcome this addition, until then I'll continue using a third party manager to do the job.



  • @luetage Master Password request is already there.

    Other related requests



  • @pesala Didn't find the master password one. But none of these topics requests a real password manger. Vivaldi is no password manager at the moment. What I am talking about is a feature and security equivalent with the likes of lastpassword and bitwarden. No current browser I am aware of provides this and the current chromium way of handling things is just no good basis to go forward (no improvements to this system will make it any more useable).



  • @luetage said in Inbuilt password manager:

    strong and truly random password generation

    Fun fact: there are already flags for this:
    vivaldi://flags/#enable-password-generation (and others if you search for "password")

    However, having tried it, the passwords generated aren't nearly as long as those from my dedicated password manager, and don't seem to be configurable.



  • IMO passwords and login credentials are too sensitive to give it to a browser (even if the browser is more than that, if your feature become true). Browsers are one of the most "attacked" software and with this feature it's one more reason to search for
    I think, it's a good way to separate passwords from browsers like you shouldn't do online banking from the device, with which you get your additional TANs
    And because some of my programs need a login too, is it currently possible for the browser to access another program?



  • I am not sure, if I get the problem right, probably I dont. Firefox and Seamonkey have a build in password manager.



  • @luetage many agree with the chromium way to use tested platform specific resources as much as possible.
    Having the manager separate from the browser limits the exposure of secrets.

    On macOS the Keychain is used.
    For Linux there are 2 implemented backends, but this seems to converge in the near future.
    On Windows there is just no generic (secure) password storage facility (yet).

    Porting/Creating a standardized secret consumer/storage interface for Windows would be a task for Microsoft.
    Vivaldi could however open/standardize their sync framework for other applications.


  • Vivaldi Ambassador

    @becm " the chromium way " is not secure. Please see:
    https://forum.vivaldi.net/topic/23417/security-of-chrome-login-manager-compromised/12

    Microsoft does have an "Authenticator" app. It is rated highly but I have yet to figure it out (it always times out).
    And I doubt it could be integrated into V, though I guess it could be used as an app on your smartphone for 2FA, providing you have a smartphone.
    I am looking for other options...


  • Vivaldi Ambassador

    @derday With all due respect, any password manager is higher on the list of any hacker. To argue that browsers are vulnerable without mentioning password managers is short sighted. Personally I'd place search engines (Google, Yahoo. Bing) and password managers as probably more likely to be the target of hackers than browsers. I'd like to see V to have a built-in password manager.


  • Vivaldi Ambassador

    @para-noid said in Inbuilt password manager:

    @derday ...To argue that browsers are vulnerable without mentioning password managers is short sighted...

    I Agree. There have been managers that have had breaches. I was just commenting on Browser specific managers.

    Personally I'd rather generate and store passwords in some Local encrypted Database (SQlite? OpenDocuments Base? Access?) as I am finding I have far too many for my four active brain cells to remember...
    Trying to work on my own version but I just dabble in programming and may never get there.



  • @para-noid
    if you look at users who use an online password safe (eg lastpass), then I might still agree with you. But I don't think there are more users using an offline-manager (eg keepass) than Chrome/Firefox users using the integrated password manager.
    But everyone has their favorite solution 🙂



  • User of keepass (win)/keepassxc (linux). Keepass has been audited some years ago, it's sole function is to generate/keep offline passwords. AFAIK it is doing its job well, and is often the recommended application.
    Don't see the need to implement such function within the browser.


 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.