Passwords manager #832

Closed
Emdek opened this issue Jun 2, 2015 · 21 comments

Comments

@Emdek
Member

Emdek commented Jun 2, 2015

We need to finally get one. ;-)
It needs to be backend based and we need to ship backends to support native password storage solutions.
There also has to be a fallback solution using an encrypted file to store data.
As a bonus we could try to add support for importing passwords from classic Opera (and maybe from other browsers too) using the algorithm described in the article about unwand.

@lollox

lollox commented Jun 4, 2015

Please consider a Wand-like behavior in which, to fill the fields, you have to click on the toolbar icon.

I really dislike the behavior used in all other browsers (sigh... I can't understand why all I hate is taken as a model to follow :( ) in which, to autocomplete a field, you have to click on it.

@Emdek
Member Author

Emdek commented Jun 4, 2015

@lollox, I don't have a strong opinion about that part; personally I don't use password managers, maybe with the exception of HTTP auth. ;-)
We can discuss that when it becomes usable as a storage mechanism, as that is the hardest part anyway.

@rakiru

rakiru commented Jun 7, 2015

+1 to lollox's request. I hate the auto-fill that some other browsers do. It should be an explicit action by the user, clicking the wand (or relevant keyboard shortcut).

@fcore117

I hope there is an option to use integrated password storage on every OS like in Firefox. I myself hate OS-based storages, but for me it is easiest to move an encrypted file from one OS to another.

@Emdek
Member Author

Emdek commented Jul 6, 2015

@fcore117, yes, there will be an option to force a backend, although by default we will use the storage method provided by the system.

@fcore117

fcore117 commented Jul 6, 2015

It is good to hear. I like to carry passwords offline and like to use the same file on every OS, like with Firefox, as I have done for 10 years. Master password is best to me, thanks for making it.

@Emdek Emdek modified the milestones: Beta 8, Beta 7 Sep 1, 2015
@Emdek Emdek self-assigned this Sep 1, 2015
@Emdek Emdek modified the milestones: Beta 9, Beta 8 Nov 25, 2015
@Emdek Emdek modified the milestones: Beta 10, Beta 9 Jan 1, 2016
@Emdek Emdek modified the milestones: Beta 10, Beta 11 Mar 22, 2016
Emdek added a commit that referenced this issue Mar 28, 2016
@ghost

ghost commented Mar 30, 2016

The password question hides before I can read it or click on it.

@zoidbergthepopularone

I can understand the developer's desire for a perfect password manager. While I myself would like to see some of the proposed features, what's far more important for me at the moment is any working password manager in Otter Browser. Having no knowledge of the internals of Otter, I wonder: Is there a place where I could add a quick-and-dirty password manager implementation? I don't care if it were a simple comma-delimited file with passwords in plaintext, I can handle the security of that well enough for my needs; what I can't handle is those hundreds of random passwords which I use for individual websites in a semi-comfortable manner.

@pierreporte
Contributor

@zoidbergthepopularone If I recall correctly, there is already support for user JS. I don’t know JS at all, but you may be able to handle local files with it. It will be a dirty workaround, but since you’re not very concerned about the security it might do the job while waiting for the real password manager. Though, if Emdek doesn’t postpone it again to the next beta, it will be available soon.

@zoidbergthepopularone

@pierreporte: Actually, I am highly concerned about security. I don't care about the security of Otter Browser's local storage too much because I can handle it securely enough outside of OB. But I need some storage, simply because I find it important to use complex random passwords and those are a pain to use without some form of storage. UserJS is not a solution, precisely because JS is a huge security hole in itself and its implementation in modern browsers makes it doubly so :-( (I would need to enable JS for all websites to be able to use a UserJS-based solution, and that's simply insane from a security viewpoint).

If Emdek implements a proper password manager soon, great. However, I am not sure it's a huge priority for him and I am certain he does have a lot of other things he would rather be doing. That's why I am asking if there is some place to easily plug my own implementation. That way I could get a satisfactory (though not great) password manager without imposing on Emdek's time.

@pierreporte
Contributor

@zoidbergthepopularone It’s not really the place to discuss this, but have you considered using a standalone password manager? Of course, I was talking about the security of the browser and I perfectly understand your password policy.

@Frenzie
Member

Frenzie commented Sep 13, 2016

I'd recommend a separate password manager regardless. There are three main (FOSS) contenders but I don't have my notes at hand.

On Sep 13, 2016 7:28 PM, "Thomas" notifications@github.com wrote:

@zoidbergthepopularone https://github.com/zoidbergthepopularone It’s
not really the place to discuss of this, but have you considered using a
standalone password manager? Of course, I was talking about the security of
the browser and I perfectly understand your password policy.



@The-Compiler

I can think of KeePassX/KeePass and pass

@fcore117

That is what I hate most and miss from Chromium, that it needs a damned external manager; the best storage is still an offline file with a superior master password. Currently Chromium is just a transitioning browser for me, as Firefox is too slow and does not have native h264 ffmpeg like Chromium (chromium.woolyss.com). If Otter becomes stable then I am prepared to abandon Chromium.

@Frenzie
Member

Frenzie commented Sep 18, 2016

@The-Compiler
I was thinking of KeePass, Password Safe, and pass, perhaps mainly because those are also usable with Android ports (cf. F-Droid).

To actually make a selection one also needs to investigate other aspects. The most important may be import/export possibilities. For example, Enpass (not FOSS) currently only exports to plain text and I don't know how well that imports, but it does export well to printer.

Other good features are pointing out weak passwords (admittedly, that's seldom my fault), duplicate passwords, and the age of passwords. Password generation may be included or done separately.

@Frenzie
Member

Frenzie commented Sep 18, 2016

Sure, if you like the on-the-fly generation thing there are several (non-browser extension) options as well. I'm not sure how those kinds of systems typically deal with having (or wanting) to change your password regularly or due to a breach, but I suppose there must be methods in place. Furthermore, with regard to a browser extension I'd be a priori worried about matters like non-browser use (quite important!) and perhaps also synchronization, not to mention that I don't want to be tied to a specific browser (even Otter =) ).

Anyway, interesting blog. ;-)

@lollox

lollox commented Sep 18, 2016

From what I understood, stuff like sync and browser lock-in are not a problem due to the nature of that method (the password is generated on the fly).

How it manages password changes is something I didn't understand myself, but it seems it's possible... well, I will look into it to better understand its capabilities

@Frenzie
Member

Frenzie commented Sep 19, 2016

I'd say that a password manager is either borderline worthless or sync is an issue. The password may be generated on the fly rather than stored, but you still need to store the parameters.
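
The point made in the comment above, that an on-the-fly generator still has parameters to store and synchronize, shown as an added example (not code from Otter Browser or from any tool mentioned in this thread). The derivation scheme, the `Device` class, the per-site `counter`/`length` parameters and the site name `forum.example` are all assumptions made for illustration.

```python
import hashlib
import json
import string

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
DEFAULTS = {"counter": 1, "length": 20}


def derive_password(master, site, counter=1, length=20, iterations=100_000):
    """Derive a site password from the master password; no password is stored."""
    salt = f"{site}|{counter}|{length}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations,
                              dklen=2 * length)
    # Two derived bytes per character keeps the modulo bias small.
    return "".join(ALPHABET[int.from_bytes(raw[i:i + 2], "big") % len(ALPHABET)]
                   for i in range(0, 2 * length, 2))


class Device:
    """One installation: knows the master password, holds per-site parameters."""

    def __init__(self, master, params_json="{}"):
        self.master = master
        self.params = json.loads(params_json)   # site -> {"counter", "length"}

    def password_for(self, site):
        p = {**DEFAULTS, **self.params.get(site, {})}
        return derive_password(self.master, site, p["counter"], p["length"])

    def rotate(self, site):
        """Change a site's password (e.g. after a breach) by bumping its counter."""
        p = {**DEFAULTS, **self.params.get(site, {})}
        p["counter"] += 1
        self.params[site] = p

    def export_params(self):
        """The non-secret state that has to be synchronized between devices."""
        return json.dumps(self.params, sort_keys=True)


def rotation_without_sync(master="constructed master passphrase",
                          site="forum.example"):
    laptop, phone = Device(master), Device(master)
    before = laptop.password_for(site) == phone.password_for(site)
    laptop.rotate(site)                       # password changed on one device
    stale = laptop.password_for(site) == phone.password_for(site)
    phone = Device(master, laptop.export_params())   # parameters synced
    synced = laptop.password_for(site) == phone.password_for(site)
    return before, stale, synced              # (True, False, True)
```

The exported parameters contain no secrets, but a device that has not received them keeps deriving the old password after a rotation.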

@Emdek
Member Author

Emdek commented Oct 1, 2016

And now the built-in passwords manager is finally ready, but as of now it has one BIG limitation: no encryption yet, see #1199.
It is considered experimental as of beta 11 and is disabled by default.

@fcore117

fcore117 commented Oct 1, 2016

Very good news, thank you developers and invent best password storage encryption.
