I am curious to know what is safer to use with the browser included with Fedora (Firefox). Is it a risk to use the password manager built into the browser? I have read this is not safe for banking and other important credentials.
What steps could be taken to mitigate this risk, such as a Bitwarden plugin? Is this better or not necessary?
Also store the username in the password file? pass has no restrictions on what you can save in the file. For example, my pass files are:
<Any other additional info>
I save these files as: <hostname> or if I have multiple accounts for the same hostname, <username@hostname>.
I use qutebrowser, which has a userscript to use pass, which reads the password from the first line and username from a line with username:, and this can be changed depending on how you format your pass files.
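The entry layout and naming convention described in the post above, as an added example that is not part of the original post and is not the qutebrowser userscript's code. The function name `parse_pass_entry`, the `username_key` parameter and the sample entry are assumptions made for illustration.

```python
import re

# Constructed sample of a decrypted entry (not real credentials).
SAMPLE_ENTRY = "correct-horse-example\nusername: alice\nrecovery codes are in the safe\n"


def parse_pass_entry(text, entry_name, username_key="username"):
    """Split a decrypted pass entry into host, username, password and notes.

    Assumed layout: line 1 is the password, a later "<username_key>: value"
    line holds the login, and every other line is free-form notes.
    """
    lines = text.splitlines()
    if not lines or not lines[0]:
        raise ValueError("entry has no password on its first line")
    password = lines[0]  # kept verbatim: whitespace can be part of a password

    field = re.compile(rf"^{re.escape(username_key)}\s*:\s*(.*)$", re.IGNORECASE)
    username, notes = None, []
    for line in lines[1:]:
        match = field.match(line)
        if match and username is None:
            username = match.group(1).strip()
        else:
            notes.append(line)

    # Entry name is <hostname> or <username@hostname>; split on the last "@"
    # so an e-mail address used as the login stays intact.
    leaf = entry_name.rsplit("/", 1)[-1]
    name_user, sep, host = leaf.rpartition("@")
    if sep and username is None:
        username = name_user  # fall back to the name when no field is present

    return {"host": host, "username": username, "password": password,
            "notes": "\n".join(notes).strip()}


if __name__ == "__main__":
    entry = parse_pass_entry(SAMPLE_ENTRY, "example.org")
    # Print everything except the secret itself.
    print({k: v for k, v in entry.items() if k != "password"})
```

A username line inside the file takes precedence over the one in the entry name, so the two conventions can be mixed without ambiguity.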
+1 for KeePassXC, look at how easy (in most cases) browsers import each other’s password databases.
It seems reasonable to create a separate database with only a subset of passwords that might be of use on mobile - security there is by far inferior.
A compromise between security and convenience might be using a second factor to secure the database, e.g. a generated key file, and synchronising only the database through some cloud. That way the DB is harder to crack while having a backup and synchronisation. It’s also a better way for syncing passwords with a mobile.
Both of your arguments (“+1 for KeePassXC” and “…security there is by far inferior”) are somewhat contrary.
Because the DBs of KeepassXYZ are secure, and namely everywhere, or they are not (independently of how many passwords they contain).
If having a command line interface like pass appeals to you but you also like KeePassXC, note that KeePassXC includes keepass-cli (which also has an interactive mode). If you’re on macOS and using KeePassXC.app rather than installing via homebrew, or similar, you can find it at /Applications/KeePassXC.app//Contents/MacOS/keepassxc-cli .
FWIW, and going back to OP’s question, I think some prefer a password manager like Bitwarden—as I do—because there have been third-party audits of it and it is open source; AFAIK, the built-in Firefox manager has neither been audited nor is it open source.
All the previous posters make very good points about where the password db is housed and comment clearly on the benefits of not having it in the cloud; however, for my purposes, I prefer saving hashed and salted in the cloud with a developer I trust.
So trusting the Firefox password manager is not advised, would you say? I’m a bit worried about all the trust I put in my browser. I have a lot of passwords and if there is a breach I could be compromised… The convenience of the browser remembering all my logins is so very helpful, as I run CalyxOS on my smartphone and each time I log in I need to unlock Bitwarden and paste in the password, and it happens many times a day and slows me down a lot as I log in and out of many user interfaces.