On Password Management: Firefox Yes, Chrome No

Summary: Firefox allows me to store passwords locally, encrypted, and password protected. Chrome wants to store passwords on line, which is not acceptable.

A recent, noticeable slowdown in Firefox (since alleviated) cause me to move more of my work over to Chrome. An essential part of this includes logging in to sites that I have password protected. My usual way to make a password is to run

uuidgen -r

And copy the result into the password field.  Since the output looks like this:

df413d28-957d-4d17-88f4-39c08b6eb81c

You can imagine that I don’t want to type that in every single time.

And, no, I did not just give you my password.  From the uuidgen man page:

There are two types of UUIDs which uuidgen can generate: time-based UUIDs and random-based UUIDs. By default uuidgen will generate a random-based UUID if a high-quality random number generator is
present. Otherwise, it will choose a time-based UUID. It is possible to force the generation of one of these two UUID types by using the -r or -t options.

OPTIONS
-r, –random
Generate a random-based UUID. This method creates a UUID consisting mostly of random bits. It requires that the operating system have a high quality random number generator, such as
/dev/random.

When I use Firefox, I store these in my local store.  To be precise, Firefox manages an NSS database.  This is a local, encrypted store that can be password protected.  I make use of that password protection.  That is the essential feature.

My local password to access my NSS Database is long, unique, and took me a long time to memorize, and I do not want it shared on other systems.  It is only used local to my primary work station.  Not a perfect setup, but better than the defaults.

I looked for a comparable feature in Chromium and found this under Manage Passwords:

Auto Sign-in
Automatically sign in to websites using stored credentials. If disabled, you will be asked for confirmation every time before signing in to a website.
Access your passwords from any device at passwords.google.com

So, no.  I do not want to share my password data with a third party.  I do not trust Google any more than I have to.  I do not want to send my password data over the wire for storage.

It is a constant battle to limit exposure.  Social media is a huge part of my life, and I don’t really like that.  I want to keep it as much under my own control as possible, or to split my exposure among different players.  Google owes me nothing more than my Google Play Music, as that is all I have paid them for.  Everything else they use for their own means, and I know and accept that.  But it means I have no reason to trust them, or any other social site.  I do not use off-machine password managers.  If I did, it would be one I installed and ran myself on a system that I paid for.

Not Google.

 

 

2 thoughts on “On Password Management: Firefox Yes, Chrome No

  1. Try QupZilla, it uses QtWebEngine, the Qt port of Chrome’s Blink engine, and it can store your passwords in KWallet or GNOME Keyring if you 1. install the respective plugin (subpackage), 2. enable it in the preferences, then 3. set your password store to it in the preferences.

Leave a Reply

Your email address will not be published. Required fields are marked *