Keepass seems to be the best available password manager.
Info:
What is KeePass?
Today you need to remember many
passwords. You need a password for the
Windows network logon, your e-mail
account, your homepage's FTP password,
online passwords (like website member
account), etc. etc. etc. The list is
endless. Also, you should use
different passwords for each account.
Because if you use only one password
everywhere and someone gets this
password you have a problem... A
serious problem. The thief would have
access to your e-mail account,
homepage, etc. Unimaginable.
KeePass is a free open source password
manager, which helps you to manage
your passwords in a secure way. You
can put all your passwords in one
database, which is locked with one
master key or a key file. So you only
have to remember one single master
password or select the key file to
unlock the whole database. The
databases are encrypted using the best
and most secure encryption algorithms
currently known (AES and Twofish). For
more information, see the features
page.
How to install for the MAC:
Running KeePass under Mono (Linux, Mac OS X, BSD, ...)
In addition to Windows, KeePass 2.x runs fine under Mono, i.e. Linux, Mac OS X, BSD, etc. In order to run KeePass, follow these steps:
- Install Mono ≥ 2.6 (older versions will not work and are not supported). Depending on your platform, the packages to install are called mono-stable, MonoFramework, mono-devel or mono-2.0-devel; see the Mono project page, if you are unsure which packages to install. On some platforms, the Windows Forms implementation (System.Windows.Forms) is offered as a separate package; KeePass requires this package, so if you see one, install it, too.
- If you want to use auto-type on Linux / Mac OS X / BSD / etc., you additionally need the xdotool package.
- Download the portable version of KeePass (file KeePass-2.xx.zip) and unpack it in a location of your choice.
- When being in the KeePass directory, run the command line "mono KeePass.exe". Alternatively, right-click onto the KeePass.exe file, choose "Open with Other Application" and type in mono as custom command.
For the last step you might want to create a shortcut or shell script file with this command line (use an absolute path to KeePass.exe, if the shortcut / shell script file is in a different location).
What is Gnome Keyring
It's a password storage system – exactly like the one inside Chrome, and exactly like the one inside Firefox, except it's system-wide and it's encrypted by default.
This is in fact why Chrome uses it – Chrome's own password storage is not encrypted. GNOME Keyring is a system component, knows your login password, and can use it as the encryption key for everything else. Chrome is just an app and doesn't have any keys it could use.
In KDE, Chrome uses KWallet for the same purpose. (On Windows, I think it has its own database, but asks the OS to hold just the "master key".)
What about Firefox? Well, technically Firefox's password database is encrypted. However, the encryption key is stored in a file right next to the database meaning other programs can easily decrypt the passwords anyway. Without a system keyring, password storage is like writing the PIN code on your credit card.
Seahorse?
Seahorse is the management app for GNOME Keyring.
Why it's storing passwords in plain text,
It's not. On disk they are encrypted (using your Linux password). Of course they must be decrypted in memory, so that programs could use them. Chrome can't autofill a password unless it can access that password in plaintext.
(Note again that GNOME Keyring encrypts its password storage, but Chrome itself does not.)
allowing anyone to see passwords?
Do you give your Linux password to anyone? If not, then anyone cannot see the keyring contents without your login password.
How can I disable this from my computer?
You can start Chromium with the --password-store=basic
option. Note that with this option you would lose any encryption you had. The passwords would be stored in a SQLite3 database ~/.config/chromium/Default/Login Data
, in plain text.
The most interesting question: why it's storing passwords without my consent?
You gave your consent when Chrome asked "Do you want to save this password?" and you clicked "Save" in the popup. Whether the password is hidden inside Chrome's own database or a common system one is irrelevant.
Best Answer
Using
userChrome.css
, you can disable the password panel that pops up asking if you want to save the password. I inspected the element and it's a panel with attributepopupid
where the value ispassword
.If you also want to disable the password key icon that shows up in the address bar, you can do the same for that. Its id is
#password-notification-icon
.