passwords-webextension icon indicating copy to clipboard operation
passwords-webextension copied to clipboard

Published 20 hours ago verified publisher icon marius-wieschollek

Add option to save Passwords App Master Password

Open jejo86 opened this issue 3 years ago • 6 comments

Current Status On each start of e.g. Firefox, the Master Password (if end-to-end encryption is enabled) has to be inserted before the individual passwords are accessible.

Feature Description An option in the add-on's settings to save that Master Password should be provided. This option should be labeled with a warning (exclamation mark in yellow triangle), as the other dangerous options.

Additional context I am using the passwords-webextension in different devices, some I consider safe some not. For the safe ones, I would like to have the master password saved, since it is annoying to type it in on every start.

Devices I consider safe, are my desktop PC, at home. No one has access to it, but me. If a burglar were to break into my house, I would accept the security breach. Also my laptop and smartphone. Usually very unsafe, since they are mobile devices, which can be stolen or forgotten, but the disks are encrypted and I have strong passwords for the operating system's user accounts. If someone would steal the turned-on, unlocked (with me logged in) device from under my hand, I would be fine with the security breach.

So why not simply turn off the master password?

I have one device, a tablet, which is mobile and cannot be encrypted (very slow device). For this device I would accept the additional burden of entering the master password. For all other devices I choose convenience over security.

jejo86 avatar Apr 19 '21 13:04 jejo86

Very good suggestion. I would appreciate such a feature too.

Jolopu avatar Jun 04 '21 12:06 Jolopu

Yes. For me is absolutely necessary. It is a must since I share my computer with the rest of the house.

friki67 avatar Jun 29 '21 08:06 friki67

Yes. Please! There is currently NO replacement for how Chrome handles password syncing so long as every way to autofill from a source (Such as KeePass) requires you to type in your super secure password everytime. It makes me not even want to bother. Let me take control of my clients that I put the master password in. Have all the disclaimers you want. Every device that would have my master password is bitlocker encrypted and I accept the risk for the convenience that it provides.

AE720 avatar Jan 31 '22 14:01 AE720

would it be possible to leverage browser's password storage for this? It's better than storing it in plain text somewhere and will allow us to leverage a proven technology without having to reinvent the wheel

jficz avatar Aug 18 '22 08:08 jficz

would it be possible to leverage browser's password storage for this? It's better than storing it in plain text somewhere and will allow us to leverage a proven technology without having to reinvent the wheel

Technically yes https://developer.chrome.com/docs/extensions/reference/privacy/

Someone referenced that link to my own feature suggestion that might also handle this issue: https://github.com/marius-wieschollek/passwords-webextension/issues/212

AE720 avatar Aug 18 '22 11:08 AE720

The chrome.privacy api does not provide access to the password manager of chrome nor does it provide any secure password storage option.

marius-wieschollek avatar Aug 23 '22 19:08 marius-wieschollek