• @[email protected]
    link
    fedilink
    English
    5
    edit-2
    1 year ago

    The passwords store on Google chrome is not encrypted in a way that makes it hard to steal your credentials. The encryption key is stored on your file system alongside it in plain text. There are generally much fewer concerns for security in browser password managers than in standalone solutions. The standalone password managers also allow you to enter credentials into apps on your phone or desktop even if login doesn’t happen in a Web view. Usually they also allow to store much more data besides passwords (passports, encryption keys, secret text documents or pdfs, credit card information, …). I use 1password and they have very good integration I the browser and os through their extensions and apps. It’s not less convenient than chrome’s own solution.

    • @isdfoa
      link
      English
      41 year ago

      Good to know, thanks! I wasn’t aware passwords on chrome are not encrypted.

      I’ll have to take a look into cost of 1password and Bitwarden, and see if any of them have password import features from Chrome to make the switch easy

      • @[email protected]
        link
        fedilink
        English
        41 year ago

        I can’t comment on 1password but Bitwarden has a free version.

        KeePass is also a very good password manager but isn’t stored online. It’s a standalone application. I used KeePass for years but switched to Bitwarden last year for my online passwords.

        • @[email protected]
          link
          fedilink
          English
          11 year ago

          You can sync KeePass files automatically between devices using plugins. Takes time to set up at first but afterwards you have the best of both worlds completely for free.

          • @[email protected]
            link
            fedilink
            English
            11 year ago

            I used to sync using triggers over OneDrive. A while ago now, but they updated the application to handle synchronisation better and it’s pretty much baked in. KeePassXC is even better in that it can reload your database the second it detects changes.

            I really do like KeePass, it features one thing many other (any?) applications don’t offer and that’s auto-typing your credentials into applications. For this reason alone I still use KeePass heavily at my workplace.

      • @[email protected]
        link
        fedilink
        English
        11 year ago

        I use Bitwarden and I definitely imported all my passwords from Chrome. There’s a guide somewhere on their website I believe.

      • @[email protected]
        link
        fedilink
        English
        11 year ago

        You might find this interesting on a technical level: https://www.youtube.com/watch?v=CIOsemj3kl4

        Regarding import from chrome, here is the article for 1password https://support.1password.com/import-chrome/

        The cost is not free but if you’re comfortable with having anyone but you handle your (encrypted) data I think they are a good option. Like others said, Bitwarden is another popular alternative which you can also self-host if that’s your thing (either through their official server or through the alternative vaultwarden open-source project).

    • @[email protected]
      link
      fedilink
      English
      11 year ago

      The standalone password managers also allow you to enter credentials into apps on your phone or desktop even if login doesn’t happen in a Web view.

      This is possible with in-browser password managers too, at least with Firefox on Android, and I would be really surprised if it weren’t supported by Chrome as well.

    • @lazyslacker
      link
      English
      11 year ago

      I’m not aware of the details but my understanding has been that chrome used to store passwords unencrypted but now it does not.

      • @[email protected]
        link
        fedilink
        English
        11 year ago

        They are indeed encrypted but the encryption key is stored in the user’s profile on disk, which defies the purpose.