1544
submitted 1 year ago by Kagathara@lemmy.ca to c/android@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] beeb@lemm.ee 6 points 1 year ago* (last edited 1 year ago)

The passwords store on Google chrome is not encrypted in a way that makes it hard to steal your credentials. The encryption key is stored on your file system alongside it in plain text. There are generally much fewer concerns for security in browser password managers than in standalone solutions. The standalone password managers also allow you to enter credentials into apps on your phone or desktop even if login doesn't happen in a Web view. Usually they also allow to store much more data besides passwords (passports, encryption keys, secret text documents or pdfs, credit card information, ...). I use 1password and they have very good integration I the browser and os through their extensions and apps. It's not less convenient than chrome's own solution.

[-] isdfoa@lemmy.world 4 points 1 year ago

Good to know, thanks! I wasn't aware passwords on chrome are not encrypted.

I'll have to take a look into cost of 1password and Bitwarden, and see if any of them have password import features from Chrome to make the switch easy

[-] Swarfega@lemm.ee 4 points 1 year ago

I can't comment on 1password but Bitwarden has a free version.

KeePass is also a very good password manager but isn't stored online. It's a standalone application. I used KeePass for years but switched to Bitwarden last year for my online passwords.

[-] MrPozor@discuss.tchncs.de 1 points 1 year ago

You can sync KeePass files automatically between devices using plugins. Takes time to set up at first but afterwards you have the best of both worlds completely for free.

[-] Swarfega@lemm.ee 1 points 1 year ago

I used to sync using triggers over OneDrive. A while ago now, but they updated the application to handle synchronisation better and it's pretty much baked in. KeePassXC is even better in that it can reload your database the second it detects changes.

I really do like KeePass, it features one thing many other (any?) applications don't offer and that's auto-typing your credentials into applications. For this reason alone I still use KeePass heavily at my workplace.

[-] tsl@vlemmy.net 1 points 1 year ago

I use Bitwarden and I definitely imported all my passwords from Chrome. There's a guide somewhere on their website I believe.

[-] beeb@lemm.ee 1 points 1 year ago

You might find this interesting on a technical level: https://www.youtube.com/watch?v=CIOsemj3kl4

Regarding import from chrome, here is the article for 1password https://support.1password.com/import-chrome/

The cost is not free but if you're comfortable with having anyone but you handle your (encrypted) data I think they are a good option. Like others said, Bitwarden is another popular alternative which you can also self-host if that's your thing (either through their official server or through the alternative vaultwarden open-source project).

[-] lazyslacker@lemmy.world 1 points 1 year ago

I'm not aware of the details but my understanding has been that chrome used to store passwords unencrypted but now it does not.

[-] beeb@lemm.ee 1 points 1 year ago

They are indeed encrypted but the encryption key is stored in the user's profile on disk, which defies the purpose.

[-] Noughmad@programming.dev 1 points 1 year ago

The standalone password managers also allow you to enter credentials into apps on your phone or desktop even if login doesn’t happen in a Web view.

This is possible with in-browser password managers too, at least with Firefox on Android, and I would be really surprised if it weren't supported by Chrome as well.

this post was submitted on 05 Jul 2023
1544 points (100.0% liked)

Android

28040 readers
145 users here now

DROID DOES

Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules


1. All posts must be relevant to Android devices/operating system.


2. Posts cannot be illegal or NSFW material.


3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.


4. Non-whitelisted bots will be banned.


5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.


6. Memes are not allowed to be posts, but are allowed in the comments.


7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.


8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.


Community Resources:


We are Android girls*,

In our Lemmy.world.

The back is plastic,

It's fantastic.

*Well, not just girls: people of all gender identities are welcomed here.


Our Partner Communities:

!android@lemmy.ml


founded 1 year ago
MODERATORS