KWallet: what are "local passwords"?

Duncan 1i5t5.duncan at cox.net
Fri Sep 27 21:55:52 BST 2013 

Volker Kuhlmann posted on Fri, 27 Sep 2013 14:44:19 +1200 as excerpted:

> On Thu 26 Sep 2013 05:08:33 NZST +1200, Frank Steinmetzger wrote:
> 
>> BTW: How do you organise your wallets/passwords efficiently and
>> securely?
> 
> Dump everything into one wallet. Everything else I doubt is properly
> supported and therefore probably won't work properly.

That's what I did back when I used kwallet, too.  Everything in one 
wallet.

> For web apps wallets unfortunately are only used by konqueror, and if
> you use that as your only browser, you're sunk before you even started.
> It doesn't handle multiple users/passwords for the same web form at all,
> so kwallet is already useless except for one set, not to mention that it
> never notices a password to store in a large proportion of sites in the
> first place (firefox doesn't either).

I agree about konqueror, tho for different reasons.  Konqueror's security 
support isn't where it should be for a browser relied upon for Internet 
banking, etc, security patches aren't always made in a timely manner.  It 
appears the devs simply consider it a toy, not arguably the highest 
priority security target most users run, since a browser is the thing 
most exposed to the wild Internet, AND is likely used for internet 
banking, etc.

That's what ultimately caused me to drop konqueror and switch to firefox.  
Firefox doesn't integrate quite as well with kde, but they take security 
far more seriously.

Besides, I've come to depend on firefox extensions such as noscript and 
requestpolicy, which konqueror simply can't keep up with as it doesn't 
have the developer or user base.  Tho the kde integration still kept me 
on konqueror, with firefox the secondary browser, until I realized that 
konqueror security issues were taking months, sometimes years, to 
properly address.  (/How/ long did konqueror for kde4 have to wait before 
it had a proper GUI for security certificate revokation, in this day and 
age when whole certification authorities along with ALL their certs are 
being compromised?  It was several years after kde4 was declared "ready 
for ordinary users, I know that!  What about the double-form-submission 
bug, in a browser where a double-submission could result in two online 
purchases instead of one?  That one took two monthly bugfix releases, 
despite them knowing which commit triggered it, and IIRC it was actually 
introduced in what was /supposed/ to be a bugfix-only release, as well!)


Meanwhile, there IS a kwallet integration extension available for firefox 
as well.  I tried it when I first switched to firefox from konqueror.  
Unfortunately, it had some bugs/features I couldn't live with (it would 
popup on EVERY PAGE for a site I had a password on, even when I was just 
browsing and didn't want to login).  And as you said, kwallet has trouble 
when one has more than one login for a site, tho I never had trouble with 
that when I was using kwallet with konqueror, but it /does/ mean that 
even with the extension, the integration between kwallet and firefox 
isn't as good as it could be if the saving schemes were more similar, 
even if there's nothing the extension author could do about that.

So I ended up uninstalling the firefox kwallet extension here, but it is 
there for those who want to try it, so it's not /just/ the konqueror 
browser that can use kwallet.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.

More information about the kde mailing list