Don't save credentials in keyring

Crys · September 5, 2023, 2:48pm

I use the Nextcloud desktop client on Ubuntu ( specific case Mint Cinnamon 21.2).
I log in to the system via fingerprint. From then on I have access to everything … Logged in programs like Thunderbird, Joplin … root rights in GUI and Shell … but not to the NC Desktop Client. Because here the credentials for my cloud are stored in the keyring, which can not be unlocked with the fingerprint.

Unlocking the keyring by fingerprint seems impossible. Is it possible to save the login data of the Nextcloud client in another way, not in the keyring?

Thanks a lot

just · September 5, 2023, 4:43pm

Which keyring? Check their documentation and bug tracker related to the fingerprint unlock.

Crys · September 5, 2023, 8:47pm

The keyring of Gnome (3)? The keyring used in Mint Cinnamon, I am not an expert on this.

An issue has been reported for a very long time (years), but this does not seem to be an issue that will be fixed soon.

just · September 6, 2023, 2:23am

Got a link?

bb77 · September 6, 2023, 5:57am

And I hope they never “fix” that, because I think using the keyring is the right way to do it.

Anyways, the correct and secure way to handle your usecase would be to log in once with your password, after starting the computer, and then only use your fingerprint to unlock the screen after you’re logged in, just as you’re doing it on your smartphone.

Or you could use the following insecure method:

DON’T DO THE FOLLOWING if you’re not using Full Disk Encryption! Otherwise anybody with physical access to your device can steal your passwords!!

Install Seahorse (GUI for GNOME Keyring), edit the password in there, respectively set it to a blank password. This will unencrypt the keyring permanently, and no password will be needed again.

Kerasit · September 6, 2023, 6:24am

I liked this comment because of the warning.

Crys · September 6, 2023, 3:24pm

[quote=“just, post:4, topic:169539”]
Got a link?[/quote]sorry, I can’t find an official link right now. But the topic is present on the Internet for at least 10 years.

If so, please always use a different complex password everywhere!

My concern here is the right balance between comfort and safety. No keyring password is also my standard solution. Alternatives are everywhere the same short simple password or change to MS Windows.
But I did not want to write about that …

Other programs (like those listed: Thunderbird, Firefox, Joplin) do not use the (Gnome) keyring. Here you can manage everyday life without having to enter a password all the time, and you are still safe.

bb77 · September 6, 2023, 3:39pm

What does this have to do with the issue at hand? In this case, you only need to remember a single password, the one to log-in to your computer, which also unlocks GNOME keyring.

With a strong tendency towards comfort, if I understand you correctly

If you enter your password once after starting up your computer, the GNOME keychain will be unlocked. You can then use the fingerprint every to unlock your screen without having to re-enter the password until you restart your computer.

Well that depends on how securely each of these applications will store these passwords.