I’ve added about 10 passwords in the Passwords app. I noticed in the settings/admin/passwords that the “Passwords Cache” size is over 0.5 GB. Is this because I selected the “Big local database” under security checks?
After clearing the cache and selecting “Small local database” it is now tiny.
Yes. “Big local database” downloads a “big” database from https://breached.passwordsapp.org/ with 25 million passwords that’s around 560MB and stores it locally.
i would not recommend using the small database if you don’t have any system limitations that make it impossible to use HIBP or the big database,
it only contains around 0,5% of the breached passwords stored in HIBP and won’t give very accurate warnings.
I use strong passwords and couldn’t care less about this database. I was hoping for a way to turn it off. And no, I don’t want to use the HIBP feature.
“My passwords are complex so they must be secure” is an outdated and insecure belief. The most common way to get your accounts breached is not brute force attacks, it’s with credentials from data breaches.
That’s why the passwords app was the first password manager which implemented a check against breached password lists as a key feature. This has since become a best practice that has been recommended by security experts and government agencies and was also implemented by Nextcloud themselves.
If you don’t want to get notified once your strong passwords eventually end up on the internet, you can go into the settings in the app and disable the security hash.
I will try disabling the Check Hash for now. I’m not using this app for security nor do I want any notifications from it. These all sound like great features for folks who are using it for that purpose.