KWallet: what are "local passwords"?
Duncan
1i5t5.duncan at cox.net
Fri Sep 27 21:55:52 BST 2013
Volker Kuhlmann posted on Fri, 27 Sep 2013 14:44:19 +1200 as excerpted:
> On Thu 26 Sep 2013 05:08:33 NZST +1200, Frank Steinmetzger wrote:
>
>> BTW: How do you organise your wallets/passwords efficiently and
>> securely?
>
> Dump everything into one wallet. Everything else I doubt is properly
> supported and therefore probably won't work properly.
That's what I did back when I used kwallet, too. Everything in one
wallet.
> For web apps wallets unfortunately are only used by konqueror, and if
> you use that as your only browser, you're sunk before you even started.
> It doesn't handle multiple users/passwords for the same web form at all,
> so kwallet is already useless except for one set, not to mention that it
> never notices a password to store in a large proportion of sites in the
> first place (firefox doesn't either).
I agree about konqueror, tho for different reasons. Konqueror's security
support isn't where it should be for a browser relied upon for Internet
banking, etc, security patches aren't always made in a timely manner. It
appears the devs simply consider it a toy, not arguably the highest
priority security target most users run, since a browser is the thing
most exposed to the wild Internet, AND is likely used for internet
banking, etc.
That's what ultimately caused me to drop konqueror and switch to firefox.
Firefox doesn't integrate quite as well with kde, but they take security
far more seriously.
Besides, I've come to depend on firefox extensions such as noscript and
requestpolicy, which konqueror simply can't keep up with as it doesn't
have the developer or user base. Tho the kde integration still kept me
on konqueror, with firefox the secondary browser, until I realized that
konqueror security issues were taking months, sometimes years, to
properly address. (/How/ long did konqueror for kde4 have to wait before
it had a proper GUI for security certificate revokation, in this day and
age when whole certification authorities along with ALL their certs are
being compromised? It was several years after kde4 was declared "ready
for ordinary users, I know that! What about the double-form-submission
bug, in a browser where a double-submission could result in two online
purchases instead of one? That one took two monthly bugfix releases,
despite them knowing which commit triggered it, and IIRC it was actually
introduced in what was /supposed/ to be a bugfix-only release, as well!)
Meanwhile, there IS a kwallet integration extension available for firefox
as well. I tried it when I first switched to firefox from konqueror.
Unfortunately, it had some bugs/features I couldn't live with (it would
popup on EVERY PAGE for a site I had a password on, even when I was just
browsing and didn't want to login). And as you said, kwallet has trouble
when one has more than one login for a site, tho I never had trouble with
that when I was using kwallet with konqueror, but it /does/ mean that
even with the extension, the integration between kwallet and firefox
isn't as good as it could be if the saving schemes were more similar,
even if there's nothing the extension author could do about that.
So I ended up uninstalling the firefox kwallet extension here, but it is
there for those who want to try it, so it's not /just/ the konqueror
browser that can use kwallet.
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
___________________________________________________
This message is from the kde mailing list.
Account management: https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.
More information about the kde
mailing list