Sure yeah. I think corpos suck, too. That’s why I don’t prefer 1password. But Firefox puts their passwords into a file, too (two actually). Key3.db and Logins.json, both with known locations, and encrypted using AES-256-GCM which is… Decent but I prefer to go a little more hardened. The thing with keepass is the following:
- Its open source, no corpo
- The file encryption you select can be as hardened as you want
- No one but you need know the location of your file
- It offers 2fa which Firefox password manager doesn’t
- Firefox password manager is more susceptible to social engineering attacks is mainly what I was worried about but it seems like you’ve got a good handle on it.
- You don’t have to integrate keepass with the browser to use it
But I want to make it abundantly clear. @[email protected] has not recommended storing your passwords in a file. They have suggested storing your passwords in a mechanism that can be as secure as your hardware is capable of securing and keeping the location of that up to your own decision making.
But also. Promise me this. If you’re going to keep using Firefox as your password manager:
- Don’t use sync. That’s run by Firefox’s corporate arm, Mozilla PBC
- Use a primary password of at least 32 characters
- Consider rotating your password on a regular interval, like on your birthday
Only reason I unblocked them was in case I needed to refute their claims anywhere. Suffice to say though, for anyone reading this, a good rule of thumb is if Possibly Linux says it, decent chance its untrue