Opinion - What are your thoughts on password managers? Do you use one? Would you recommend it to others? - eviltoast
  • beeb@lemm.ee
    1 year ago

    The password store in Google Chrome is not encrypted in a way that makes it hard to steal your credentials. The encryption key is stored on your file system alongside it in plain text. There are generally much fewer concerns for security in browser password managers than in standalone solutions. The standalone password managers also allow you to enter credentials into apps on your phone or desktop even if login doesn’t happen in a Web view. Usually they also allow you to store much more data besides passwords (passports, encryption keys, secret text documents or PDFs, credit card information, …). I use 1Password and they have very good integration in the browser and OS through their extensions and apps. It’s not less convenient than Chrome’s own solution.

    • isdfoa@lemmy.world
      1 year ago

      Good to know, thanks! I wasn’t aware passwords on Chrome are not encrypted.

      I’ll have to take a look into the cost of 1Password and Bitwarden, and see if any of them have password import features from Chrome to make the switch easy.

      • Swarfega@lemm.ee
        1 year ago

        I can’t comment on 1Password but Bitwarden has a free version.

        KeePass is also a very good password manager but isn’t stored online. It’s a standalone application. I used KeePass for years but switched to Bitwarden last year for my online passwords.

        • MrPozor@discuss.tchncs.de
          1 year ago

          You can sync KeePass files automatically between devices using plugins. Takes time to set up at first but afterwards you have the best of both worlds completely for free.

          • Swarfega@lemm.ee
            1 year ago

            I used to sync using triggers over OneDrive. A while ago now, but they updated the application to handle synchronisation better and it’s pretty much baked in. KeePassXC is even better in that it can reload your database the second it detects changes.

            I really do like KeePass, it features one thing many other (any?) applications don’t offer and that’s auto-typing your credentials into applications. For this reason alone I still use KeePass heavily at my workplace.

      • tsl@vlemmy.net
        1 year ago

        I use Bitwarden and I definitely imported all my passwords from Chrome. There’s a guide somewhere on their website I believe.

      • beeb@lemm.ee
        1 year ago

        You might find this interesting on a technical level: https://www.youtube.com/watch?v=CIOsemj3kl4

        Regarding import from Chrome, here is the article for 1Password: https://support.1password.com/import-chrome/

        The cost is not free but if you’re comfortable with having anyone but you handle your (encrypted) data I think they are a good option. Like others said, Bitwarden is another popular alternative which you can also self-host if that’s your thing (either through their official server or through the alternative vaultwarden open-source project).

    • lazyslacker@lemmy.world
      1 year ago

      I’m not aware of the details but my understanding has been that Chrome used to store passwords unencrypted but now it does not.

      • beeb@lemm.ee
        1 year ago

        They are indeed encrypted but the encryption key is stored in the user’s profile on disk, which defies the purpose.

    • Noughmad@programming.dev
      1 year ago

      > The standalone password managers also allow you to enter credentials into apps on your phone or desktop even if login doesn’t happen in a Web view.

      This is possible with in-browser password managers too, at least with Firefox on Android, and I would be really surprised if it weren’t supported by Chrome as well.