

When it comes down to it, there isn’t a password manager for the browser and Android/iOS that works as intuitively and as consistently as Bitwarden for auto-store, update and auto filling passwords that is also open source. To be fair I’m not a security expert, but if people can trust ProtonMail, they should be able to trust Bitwarden. I’ve had a cursory glance at the source and I feel the end-to-end nature of the encrypted store looks pretty good. Why Both? There wasn’t a good plugin for password-store at the time and I needed a way to help my wife and family browse more safely as I lived in a clan of repeatedly-used passwords. As has already stated, Bitwarden is audited. I’d give Firefox’s a second thought if I weren’t already deep into password-store and Bitwarden. Although the difference may be marginal. I have a hard time with browser-supplied password stores. KeepassXC would probably be safer? Maybe. But in a security aspect, I would say that you can use both of them in a safe way. I personally prefer KeepassXC to Keepass2 under Linux as I find it to integrate better with the system overall. Note however that you could be using either of them without any browser plugin, in which case this piece may not be important. If any, because KeePassHTTP has some shortcomings that KeePassXC-Browser was designed to fix. I haven't studied the extensions themselves, but from a brief look at the linked bugs, I think it is. Is KeePassXC-Browser better than KeePassHTTP? This was expressed by Randall Munroe on his xkcd 1200: Authorization: Your system files (which could be recovered by reinstalling) will be safe, but your photos and personal data won't. Even if it isn't able to run as root, a malware can do a lot of harm, for example a ransomware. However, running malware != running malware as root.
Some people are very conscious and won't run as root anything not completely innocuous (or even they restrict themselves to their package manager), while others will do all kinds of stupid-to-harmful actions… as root (and should have no root privileges at all). How unlikely you are to accidentally a malware of coke depends a lot on the person. I would have thought that I would be unlikely to ‘accidentally’ execute malware as root under Linux? YMMV, as you may find that the benefit of running program X outweighs the added risk of higher exposure.
a ransomware that was developed for a Windows target). This page makes the point that by installing wine or mono, as that allows you to run more programs (like Windows ones), they make it easier to run malware, too. I will try to provide a general answer to the things you mentioned: The mix of questions makes it harder to reply, it would be preferable to ask different things as separate questions. Sorry for mix of questions… basically I am asking if, under Linux, KeepassXC would probably be safer to use compared to Keepass2? Is this correct? – I would have thought that I would be unlikely to ‘accidentally’ execute malware as root under Linux? In order to run Keepass2 (esp if also using the Keepass-Http connector) one needs Mono. Would anyone have any comments re the security of KeePassXC-Browser extension? 2.

It doesn’t need Mono (if I understand correctly) and it uses KeePassXC-Browser (rather than KeepassHTTP). However, I have now tried using KeepassXC which has changed beyond recognition in the past few months. As long as your computer is not compromised, your passwords are fairly safe that way, but use it at your own risk! As of KeePassXC 2.3, we deprecated KeePassHTTP in favor of KeePassXC-Browser.

) KeePassXC therefore strictly limits communication between itself and the browser plugin to your local computer. KeePassHTTP is not a highly secure protocol and has certain flaws which allow an attacker to decrypt your passwords if they manage to intercept communication between a KeePassHTTP server and KeePassHTTP-Connector over a network connection (see and. I am using KeePass-Http connector (just such a useful and quick extension to enter logins/passwords!) and there are some security concerns re this:. I have the following 2 questions re this: I have been using Keepass2 which is just such an amazing password manager HOWEVER I have been using Xubuntu for several years now this question is regarding password managers under Linux/Ubuntu.
