Built In Password Manager

I stand corrected. It looks like someone implemented a password app.

https://github.com/fcturner/passwords

2 Likes

@jyaworski

Thanks, I was not aware of it. I do not have an ownCloud server right now to give it a try, but I will find a way next week. :grinning:

A password manager on the Nextcloud side is one thing. And by storing KeePass on an instance you get close. The app (never looked into it before) is definitely better if designed right. But the caveat for a password manager is to get full functionality in the browser and device.

KeePass works for this with the hassle of figuring out how to sync it for most devices.

The best thing would be to take a password manager hosted on Nextcloud and create all the browser plugins to connect with it and then also create an app that will connect to it.

For KeePass, one of the best apps for iOS is MiniKeePass. It has worked really well, but sync is a pain.

Then you get into the whole sharing thing.

This works well with LastPass since you can share a folder. But with things like KeePass you have to share the entire database and let it be copied locally. Of course you can have multiple databases, but that again is a hassle to manage and sync.

Coming full circle, a password management app that worked with browser plugins and apps like MiniKeePass would be a great use of Nextcloud.

I fully agree with @JaredBusch and @xandcg: Nextcloud definitely needs a password program. A program for keeping passwords is a very basic thing and everyone is using it. If there is an opportunity to centralize this within Nextcloud many people will use it, I’m pretty sure.

1 Like

Support for Firefox Sync would bring a password manager with it. The Firefox password manager is quite a robust implementation (provided that one uses a master password) with support on most platforms (not sure about iOS). Browser integration is good, but one needs a separate browser addon for managing passwords on Android.

1 Like

For reference, there is also a thread on Firefox Sync: Bring Firefox Sync back

2 Likes

Does Firefox Sync provide for storing attachments? Because this is important when you are storing passwords.

@erikkn Sorry, no idea what the attachments have got to do with password storage. Firefox has a built-in password manager which stores username/password combinations (together with attributes such as the website URL, the username/password field names, and timestamps).

I’ve used the third-party password addon, and it works fine. But, the trouble with third-party modules is that they have a tendency to fade away and become unsupported. There was another password manager before this one, and that was abandoned.

I just think that password management is such a fundamental part of life on the web, that it would be justified to add it as a supported feature of Nextcloud.

1 Like

As far as I know, on iOS Firefox is just Safari with a Firefox UI.

Exactly, that is the problem. Passwords are really critical data and I think we should ensure that the development of this part is protected by Nextcloud itself.

1 Like

@jknockaert In my opinion people want to save physical letters with credentials, just for their archive. Imagine you receive a letter from your bank with your new CVC code etc. When you insert your credit card number with your CVC code into the password program, it would be nice to have an attachment with extra information (the physical letter) like the name of your banker.

I use KeePass Password Safe (KPS) and sync the file using ownCloud across all my devices.
Since it’s only 1 MB this is fast and efficient.
I don’t think a web-based password manager could ever come close to the features KPS has.

Even for other password managers with fewer features, it would still be less secure, since passwords are exposed as soon as the server is compromised.
Especially since the server then becomes a very, very juicy target. Getting all the passwords of dozens, hundreds of users all in one single hack? Yummy!

What value would there be in it? I don’t mean this in an aggressive way, I’m honestly curious.

4 Likes

As with anything NC, as soon as you want a GUI on the server to view the data, then your data is not safe. Confidential information has to be encrypted on the client and that’s one thing that’s been missing from the official clients and from password keeper apps.

The older Passman app used to have client-side encryption of passwords, but it hasn’t been updated since 2014. It could certainly be implemented again.

And I can read this file with the Firefox password manager and several mobile password managers?

I agree here. Having the database stored in an encrypted format on the server and a decrypted (after password/keys) one on the client makes much more sense from a security perspective. However, I’m not opposed to integrating with Firefox Sync. That seems like a reasonable option.

I know it’s missing, I’m working on a client-side encryption feature :slight_smile:
My point was that passwords are a very critical piece of information, because they basically unlock everything else.
And, you would lose a lot of very, very handy features with a web-based tool.

You can use mobile apps to read your KeePass files, yes.
I use MiniKeePass since I’m on iOS, but I’m certain it exists for Android.

For Firefox I don’t know, but I would think not. But with the KeePass auto-type feature this is hardly a problem.
Once properly set up, auto-type allows you to fill in user and password fields by just hitting a keyboard shortcut so you hardly lose time.
And contrary to the Firefox password manager it’s not limited to web pages. You can auto-login to pretty much anything: SSH, RDP, FTP…

Personally, I would not use this feature, I’m with the KeePass crowd already. I think it’s a huge effort to get this right (especially to get this reasonably secure) which could be spent on other things.

6 Likes

But for those of us that aren’t already using KeePass or similar, this would be a great platform. Nextcloud are already working on client-side encryption so this shouldn’t be much of a stretch to handle keyfile/password management. I’m envisioning something with a feature set and ease of use similar to LastPass, but open source and self-hosted. Just my 2 cents. :stuck_out_tongue: