Vivaldi password account not secure



  • Hello,

    When installing Vivaldi for the first time, I created an account that will serve as a secondary email account. The password was created with Keepass, supposedly very strong (entropy > 250) + encryption password (extra strong) which I have no clue what is it for (read below).

    Unfortunately, this password is, how to say it, public.
    Nirsoft's WebBrowserPassView has no problem whatsoever deciphering it. This is why I have all my passwords in Keepass and deleted all of them from the other browsers. I did that the day a website opened up a window with all stored passwords from all browsers; luckily, it was from a trustable website. Or was it a software? but in this case it doesn't matter since any software can send any data to anywhere, so the distinction is not relevant.

    I thought my Vivaldi account would be safe. Moreover, there is no master password. In fact, anyone can read the Vivaldi passwords in plain text. As a consequence, I will not automatically enter the sync feature because I will have to use Keepass and delete the stored password (there's only one).

    So much for the security, and so much for the usability.


  • Moderator

    That is not a Vivaldi issue.
    All Chromium based browsers (Opera, Chrome, Vivaldi) have login databases which are encoded by Windows user account. And the Vivaldi passwords from login database are not public.

    I copied the Vivaldi profile to an other user and tried with to see with WebBrowserPassView the logins, i could not. Why? Because the database is encrypted only for the user who created it.


  • Moderator

    @tounzi If you see such website which reads your passwords, please report as a security issue! Contact your Vivaldi
    Thanks for your feedback. The Support team will look into your request as soon as possible. Please note that their working hours are Monday to Friday, 08:00 CET - 18:00 CET.



  • @tounzi said in Vivaldi password account not secure:

    I created an account that will serve as a secondary email account.

    Recovery Email doesn't need another account.
    Sorry for the data loss.


  • Vivaldi Translator

    If you consider the contents of your PC to be "public" you have a bigger security problem.

    If someone has public access to your PC, forget about any belief in security.

    As Gwen_Dragon says, if your password details are now public, please supply the name of site where it is made available.



  • @Gwen-Dragon Thanks. The issue is on my father's PC. I will look into that when I get my hands on it.



  • @Gwen-Dragon said in Vivaldi password account not secure:

    That is not a Vivaldi issue.
    All Chromium based browsers (Opera, Chrome, Vivaldi) have login databases which are encoded by Windows user account. And the Vivaldi passwords from login database are not public.

    I copied the Vivaldi profile to an other user and tried with to see with WebBrowserPassView the logins, i could not. Why? Because the database is encrypted only for the user who created it.

    I haven't had the need to share Vivaldi profile yet. I will try with my current profile/account and see if I can read the password with another PC, other OS, and other user.

    Thank for aknowledging that I use the PC I'm on now not very often but at least once a month.


  • Ambassador

    @tounzi This was a known Chromium issue and it has been documented for some time.
    Not sure if it it is something can be fixed by Vivaldi(?).


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.