Web lists-archives.com

Re: The situation of KWallet, and what to do about it?




On 07.07.2016 18:43, Elvis Angelaccio wrote:
- We make encrypted password storage optional and non-default (easiest
solution, but not exactly in line with KDE's vision)
I disagree on this point. Even if KWallet were free of usability
issues, it would still provide a false sense of security. The user
thinks that his/her passwords are safe, while in fact they are not.
If we don't have enough manpower to develop and mantain a proper
keychain in Plasma, we should tell our users. This way they can make
sure that, for example, the unsafely stored Wi-Fi passphrase is not
used for other accounts. This is already closer to our vision than the
current situation.

My vote is: we either do it right, or we give up. If someone steps up
to fix this problem, great. Otherwise we should start to slowly port
away from KWallet.

Good point!
I still hope we'd find a secure solution, but no central storage may
indeed be better than an insecure one.