Saving passwords in browser?
-
I want to know if saving my passwords in Vivaldi's built in password manager is safe. I know storing passwords in Chrome or Edge isn't safe at all, but is it safe with Vivaldi?
-
@ogredale Password management has same security level as Chromium/Chrome/Brave/Edge.
If you need better, disable save of passwords in Settings of browser and use a external password manager app like f.ex. KeepassXC.
-
@ogredale said in Saving passwords in browser?:
I know storing passwords in Chrome or Edge isn't safe at all, but is it safe with Vivaldi?
Give examples of why it's not safe. So far I haven't heard of Chromium-based browsers being the source of leaked information that was first encrypted on the user's device with a separate password that only the user knows, and then synchronized.
-
Storing passwords in Vivaldi's password manager is pretty secure. It encrypts your passwords locally, so they're safe on your device. But remember, if someone can access your computer, they might get to your passwords.
For more than just website passwords, consider a dedicated password manager. Elepass(dot)io, for example, offers great team-focused features. It's worth checking out, especially if you need something more robust than a browser's built-in manager. They offer additional features like organizing and encrypting all your passwords, either in the cloud or locally on your device.(Active link removed by Moderator. Active links to products are generally treated as spam and, absent other considerations, can result in a permanent ban of the user's profile.)
-
Couldn't find it in a quick search but, years ago there was a report related to the leak of passwords when added on a website.
IIRC, the passwords were sent in plain text and were leaked.
There was a website test and that affected every Chromium.Actually I don't know if that's fixed, I guess so, but not sure.
Will need to find the website and test it.
"You cannot know the meaning of your life until you are connected to the power that created you" · Shri Mataji Nirmala Devi
-
@Zalex108 said in Saving passwords in browser?:
the passwords were sent in plain text and were leaked.
All the passwords stored in browser have leaked?
Or just one that the person entered on some website themselves?Actually, I've already raised this question: even on android, in what form are passwords stored in the browser, in its internal data folder? If it's plain-text, it's a ready-made vulnerability. Then it's pointless to enable biometric protection, etc. Each password should be stored encrypted separately and decrypted only at the user's request. It is best to have a separate master password for decrypting passwords stored inside the browser. Yes, one more password. Or a password + a secret question for the user, the answer to which changes over time.
雪ふりや 棟の白猫 声ばかり
-
@far4 said in Saving passwords in browser?:
just one that the person entered on some website themselves
Seems fixed
https://senglehardt.com/demo/no_boundaries/loginmanager/index.htmlBut better to keep sensitive ones outside the browser
"You cannot know the meaning of your life until you are connected to the power that created you" · Shri Mataji Nirmala Devi
-
@far4 said in Saving passwords in browser?:
Actually, I've already raised this question: even on android, in what form are passwords stored in the browser, in its internal data folder? If it's plain-text, it's a ready-made vulnerability. Then it's pointless to enable biometric protection, etc. Each password should be stored encrypted separately and decrypted only at the user's request. It is best to have a separate master password for decrypting passwords stored inside the browser. Yes, one more password. Or a password + a secret question for the user, the answer to which changes over time.
The file is encrypted, but the management during the input to a website isn't and remain as plain text in memory.
-
@Zalex108
I always turn off autocomplete - so it's not wasted. I also disable browser access to the clipboard and the like. Generally speaking, Vivaldi should be installed with such restrictive default settings, because what I start with every time with a clean installation is that I turn off, turn off, and turn off everything that's on. -
@far4
Haha, maybe you should turn off your paranoia mode.
I don't do this since Sinclair ZX 81 and now on Android and got never any security issues.
The forum will get flooded with posts if this gets the defaults.Cheers, mib
-
@far4 would be reffering to the Chromium Side Settings instead of Vivaldi
I've time not installing new V so I don't remember.
"You cannot know the meaning of your life until you are connected to the power that created you" · Shri Mataji Nirmala Devi
-
-
@mib2berlin said in Saving passwords in browser?:
@Zalex108
If you don't need the Phishing Protection from Google and the Playstore for extensions you can disable all.
No idea why Hangouts is enabled by default but was just a joke for @far4.
xD
Got it! xD -
@Silouan The password database is unlocked when you login to your OS user account. No extra master password protection.
