How about improving Vivaldi's password manager?
-
@RasheedHolland said in How about improving Vivaldi's password manager?:
passwords aren't encrypted.
"They are",
But to access/view them.You can still access any website if you gain access to the computer and runs the V Profile.
-
ZZalex108 moved this topic from Vivaldi for Windows on -
@Zalex108 said in How about improving Vivaldi's password manager?:
@RasheedHolland said in How about improving Vivaldi's password manager?:
passwords aren't encrypted.
"They are",
But to access/view them.You can still access any website if you gain access to the computer and runs the V Profile.
Perhaps I should have said that the current encryption is a joke. You can use certain tools to decrypt them. So malware who get access to your browser passwords don't have to crack anything. And if someone has access to your PC, you also have a problem of course.
-
Nirsoft?
Not tested since long.Not sure if you still needs OS password to decrypt.
Or it's another?
-
@Zalex108 said in How about improving Vivaldi's password manager?:
Nirsoft?
Not tested since long.Not sure if you still needs OS password to decrypt.
Or it's another?
Yes correct, with these tools you can decrypt the password, unlike with Firefox and third party password managers like LastPass and Dashlane, to name a few. I believe even Edge has beefed up password security a bit. And since Vivaldi already has a sync feature, it could also sync these passwords to other machines, of course with 2FA protection.
-
@RasheedHolland There's at least one great solution available now. KeePassXC is a full power password manager. It stores your encrypted passwords locally, but you can put the file in Dropbox... to access it from the web. It's cross platform (Win/Mac/Linux/Android). It has optional 2FA with a hardware key or file and has a great autotype feature which can type passwords for you so they don't pass through your clipboard. It can also store files. It's open source.
I have never seen a password manager built into a browser that was very good. It's better to use a specialized application.
-
The passwords in Vivaldi’s password manager are encrypted on disk. They’re also end-to-end-encrypted (E2EE) when using Vivaldi Sync. Vivaldi knows how many total bytes of passwords you’re syncing, but has absolutely no idea what’s in your password vault.
The on-disk encryption key is stored in the Windows Credential Store, MacOS Keychain, or the KDE/GNOME password managers (Linux). Programs you give access to your local machine’s keystore can decrypt Vivaldi’s passwords. The sync encryption key is the one you created — separate from your Vivaldi Account password — when you enabled Vivaldi Sync.
-
@josephj11 said in How about improving Vivaldi's password manager?:
@RasheedHolland There's at least one great solution available now. KeePassXC is a full power password manager.
I have never seen a password manager built into a browser that was very good. It's better to use a specialized application.That's what I'm trying to explain. I'm not looking for a fully fledged password manager. I already use KeePass and Enpass as local password databases. But so far the handiest way to fill in username and passwords for me, is to do it with the browser itself. Problem is, that it's not very secure and also not easy to manage.
-
@daniel said in How about improving Vivaldi's password manager?:
The passwords in Vivaldi’s password manager are encrypted on disk. They’re also end-to-end-encrypted (E2EE) when using Vivaldi Sync. Vivaldi knows how many total bytes of passwords you’re syncing, but has absolutely no idea what’s in your password vault.
The on-disk encryption key is stored in the Windows Credential Store, MacOS Keychain, or the KDE/GNOME password managers (Linux). Programs you give access to your local machine’s keystore can decrypt Vivaldi’s passwords. The sync encryption key is the one you created — separate from your Vivaldi Account password — when you enabled Vivaldi Sync.
Yes, but like I said, it's not very secure. There are password decryption tools that can easily crack the passwords saved by Vivaldi. Same goes for any other Chromium based browser, like Edge, Brave, Chrome and Opera. You can't even protect it with a master password like in Firefox. As a true power browser, Vivaldi should offer a better password manager in my opinion.
https://support.mozilla.org/en-US/kb/use-primary-password-protect-stored-logins
-
@RasheedHolland If you already use KeePassXC (which is considerably improved compared to Keepass which is old and, AFAIK, unmaintained), take another look at the Autotype feature it offers. I used KeepassXC for years without realizing this was available and now I rely on it.
Configuring the Autotype triggering can be a bit touchy, but it usually works easily. You can also control the exact sequence of things it types using special tokens for tab and Enter and even adding delays between things for slow applications.
KeepassXC also has a small browser integration add-on that helps you fill in things on a field by field basis, but I don't use that as often.
-
@josephj11 said in How about improving Vivaldi's password manager?:
@RasheedHolland If you already use KeePassXC (which is considerably improved compared to Keepass which is old and, AFAIK, unmaintained), take another look at the Autotype feature it offers. I used KeepassXC for years without realizing this was available and now I rely on it.
Configuring the Autotype triggering can be a bit touchy, but it usually works easily. You can also control the exact sequence of things it types using special tokens for tab and Enter and even adding delays between things for slow applications.
KeepassXC also has a small browser integration add-on that helps you fill in things on a field by field basis, but I don't use that as often.
That's the thing, I don't want to use a third party password manager. From what I understood, they have to be running in memory in order for these browser extensions to work. I also don't want to mess around with this Auto-type stuff. I have tried RoboForm, KeePass and Enpass and none of them worked smoothly with the browser. The current built-in password managers in browsers are already quite good and handy, now they only need to become more secure and more pretty.
-
@josephj11 said in How about improving Vivaldi's password manager?:
(which is considerably improved compared to Keepass which is old and, AFAIK, unmaintained
Hi,
Nopehttps://keepass.info/index.html
Its AutoType works
Maybe others are better.Using the DB from DropBox or any other Online services works fine with CKP and KeepassTusk extensions, no need to run the app in the background.
On Mobile there are Apps also and the Auto fill works fine too.
-
@Zalex108 said in How about improving Vivaldi's password manager?:
Its AutoType works
Maybe others are better.OK cool that KeePass works, but I personally still don't like to use third party password managers, at least not for browser password management.
Now that I think of it, passwords don't even have their own section in Vivaldi settings, why not make it more like Padloc. And password management is currently based on the standard Chromium feature, which sometimes doesn't even work correctly on certain sites.
-
@RasheedHolland Passwords have a section n privacy and security.
-
@Ayespy said in How about improving Vivaldi's password manager?:
@RasheedHolland Passwords have a section n privacy and security.
Yes I know, but it needs its own section, so not per se under privacy and security. Now it's almost hidden, that's what I meant.
-
@daniel said in How about improving Vivaldi's password manager?:
The passwords in Vivaldi’s password manager are encrypted on disk. They’re also end-to-end-encrypted (E2EE) when using Vivaldi Sync. Vivaldi knows how many total bytes of passwords you’re syncing, but has absolutely no idea what’s in your password vault.
The on-disk encryption key is stored in the Windows Credential Store, MacOS Keychain, or the KDE/GNOME password managers (Linux). Programs you give access to your local machine’s keystore can decrypt Vivaldi’s passwords. The sync encryption key is the one you created — separate from your Vivaldi Account password — when you enabled Vivaldi Sync.
You are aware that you can easily crack Vivaldi (Chromium) passwords via Nirsoft tools, right? That's why malware like infostealers often target browsers, the passwords are easy to crack. But with Firefox it won't work because they use a master password (better encryption).
But anyway, Vivaldi's password manager should be more like Proton Pass, which is not a desktop app but an extension. The problem is that they probably store your passwords in the cloud, which I don't like. But perhaps you can use this extension as inspiration.
https://www.nirsoft.net/password_recovery_tools.html
https://proton.me/pass
