How you manage your passwords in SFOS

A question to the community. How you manage and sync your passwords on SFOS with the rest of the devices you use. What setups and software you use etc.

I need passwords mostly for online services and on my PC i rely on Firefox. But given that Sync is not supported in the sfos browser and there are services where i have to change the passwords regularly (ie banks) manually transferring them is a hassle. So i need to know how people tackle this.

4 Likes

Something of a non-answer… but services that make you change passwords are silly. NIST even recommends against it.
Banks here have been 2FA since basically always, so they fortunately never caught on to that madness.

For general management, just saving passwords has proven to be enough for me, but will be interesting to see what people have use of.

I use KeePassXC for desktop, OwnKeePass for Sailfish and manual database synk, when (seldom) needed.

8 Likes

My bank makes you change passwords every 2-3 months and when you make a transaction you get an SMS with an extra code to enter etc.

It is what it is. :man_shrugging:

Keepass database with password and key file (which can be any file like a picture, or the MD5-hash of your pet’s name in a text file etc).

Put pwd database on favorite cloud storage ( in my case, NextCloud).
Do NOT put key file there (you copy that around manually and securely on a channel different from the cloud storage. Or even re-create it on the fly using the recipe you know like the pet-name-md5 example above.).

OwnKeyPass for SFOS, other keepass-compatible software on other machines.

Set up Sailsync on SFOS device, sync the folder with the keepass file .

Set up sync-on-change for the Sailfish-local place of the cloud storage. Set up additional systemd timer for syncing toward device.

4 Likes

I use pass on my computer and passilic on my Sailfish. I sync manually my passwords.

3 Likes

same here, have been doing that for a while, works perfectly

I’ve added very few apps to my phone but the one app I can’t be without is Safe lite. It’s shown as the ‘Lite’ version but has always been the full-fat version due to the lack of paid-for apps on SFOS. I’ve been using it for a number of years now, probably since the early days of Jolla 1 and have never tried other password-safe type apps as this has always fitted the bill for me.

Similar solution for me:

  • OwnKeepass app for frequent passwords
  • SailOTP app for the TOTPs (e.g. Google Authenticator 2FA)
  • and otherwise for rarely-used passwords there is the main cloud password manager accessible via web (in my case Bitwarden).
1 Like

yeah ! i am also using ownkeepas and sailOTP. It runs fine.

Delayed response: I am using combination of keepass (ownkeepass) and syncthing to keep databases in sync between devices and PCs.

On SFOS, I sync by running syncthing only when I want to update the password database. This is done from terminal and using browser to follow its state. As I never modify the database on SFOS, you don’t have to sync from phone proactively. On swarm of PCs, syncthing is running 24/7

In addition, data is backed up (kopia) regularly. Just make sure you have password for the backup available without keepass. So, if something goes wrong, you can restore the database.

Also ownKeepass and SailOTP. I pull the Keepass DB from cloud storage using rclone.

I use the password DB on my phone only for reading and never add new entries there and do not sync it back. Just too paranoid with all the different Keepass clients on different platforms for something to go wrong.