In my experience a lot of Chrome extensions don't need to automatically run on every page. You can go to the extension settings (check chrome://extensions) and limit extensions to run on specific pages or *after clicking* the icon:
I use this for password managers, personally.
Conversation
Replying to
Chromium's own password manager has the best usability and I have a lot more faith in it being secure than a third party one attempting to integrate into the browser via an extension. On Android, there's OS autofill support, but it's still trusting more than just the browser.
2
1
2
I genuinely just keep track of passwords with a text file on both my workstation and phone.
Storage Scopes feature on GrapheneOS is nice for this since you never need to grant apps access to storage and can have a bunch of sketchy apps in the same profile as sensitive data.
1
7
honestly thinking about doing that, i use Google Chrome and Microsoft Edge and i can't keep the passwords in both browsers synced.
how do you keep the text file up to date on your devices?
1
2
I keep my main FIDO2 security key on my keychain and leave it plugged into top workstation so when I go out I take it with me and have that.
Backup FIDO2 security key is my Trezor Model T which can also be restored via 2-of-3 seed phrase backups + set FIDO2 counter to Unix time.
1
3
I have a backup system for my most critical files (GrapheneOS signing keys, documents including passwords, etc.) which get automatically backed up as an age-encrypted file with diceware passphrase. Have that backed up to my main phone, backup phone, 2nd workstation and elsewhere.
My laptop and phone have sftp-only access to a directory with shared data and it's used as a crude pull-based sync system instead of pushing changes to them immediately. If I really needed something sooner I'd just trigger it earlier or send it to myself via an E2EE Matrix chat.
1
4
I don't consider service passwords particularly sensitive and it's just a plain text file encrypted via disk encryption on each device. I have a single strong diceware passphrase remembered and used to encrypt SSH keys, GrapheneOS signing keys and the minimal backup tarball.
1
3
Show replies