I have never heard of Seahorse before yesterday. In search of a password manager, I clicked on Applications/Passwords & Keys. Surprisingly I saw a list of passwords for various web sites I have visited as well as many VPN servers I have visited. I never authorized Seahore to collect my passwords. This seems to be a bad default. To be honest, I don’t remember if the login button was locked or not, but I have locked it now. So if I decide to use a different password manager, would it cause any harm removing Seahorse from my 18.04 system? If nothing else, can Seahorse be disabled?
I need help with Seahorse. I see it simply collects all the passwords that I use at various sites and VPN connections. This seems like something the user should have better control of. Even worst, the app wants to remain unlocked. And if I lock Seahorse, I get a nagging password request. Is Seahorse really needed. Can it be removed or disabled? Maybe I don’t fully understand Seahorse’s purpose, but it does not seem to be much better than keeping a sheet of paper on my desk with all my passwords.
Hey @jaybo, think of seahorse as a app that keeps and issues your saved password upon request. And yes if you lock seahorse then you will be nagged for your login password every time a password request is made by another application. This is actually the default on some distributions, and it is a pain in the hind quarters, which is most likely the reason it is unlocked by default on on Ubuntu.
So for you, because you are logged into your account, seahorse may seem to be a sheet of paper on your desk with all your passwords on it, and if you left your system unattended and someone knew where to look, then they could indeed write down your passwords. However, don't confuse this with someone hacking into your system and being able to view your passwords. Seahorse is only unlocked to you, because you are logged into the GUI, and a hacker would not be.
So in the end, it's really a matter of convenience. You can let seahorse do it's thing, so that you don't have to continually re-enter saved passwords, or not allow it to save your passwords to begin with. Uninstall seahorse and you will have no password management at all. Convenience and security rarely go hand in hand.
Thanks for the reply and description. I can see Seahorse may be safer than I first thought. However, I am still having a tough time understanding the mandatory use of it. And I don’t understand why it wants to save web site passwords that Firefox can save for you as well. I thought OpenVPN saved passwords upon request, I did not think OpenVPN requests passwords from Seahorse. So maybe I don’t understand what apps actually use Seahorse and what passwords are collected just for a convenient database. I still do not have a comfortable understanding of Seahorse.
And in regards to convenience vs security, I believe one should have the option to select what passwords are saved and which ones not. Seahorse does not seem to provide that option.
Seahorse has never saved Firefox, Thunderbird, Chromium, or Chrome passwords on any Ubuntu flavor I have ever used. This is not normal behavior, or at least it has never been for me.
This is not normal behavior either. Seahorse is for system passwords. Not browser passwords, and it has always given me the option to select the duration to save passwords. "Forget imminently", "Until I log out", "Keep Forever"
Are you connecting to the VPN's through your browser as well?
What happens if you delete the passwords from Seahorse?
Perhaps you should check the password settings in Firefox to see if it is set to save your passwords. If not, try allowing it to do so, and delete the ones in Seahorse.
I'm also curious if you have set a master password in Firefox, and if it shows up in Seahorse?
I can send a screen shot if you don't believe. I have over 20 http and https sites saved in Seahorse. Some sites I know are used exclusively with Firefox. I see my web mail accounts, some of my banking accounts, security cameras, facebook, iheart, reddit, and many more.
The VPN passwords saved are only the connections via OpenVPN. I do not see my VPN app passwords saved in Seahorse.
I have deleted all passwords in my 18.04 build, the VPN passwords come back as I use each connection. I am never prompted for the option to select the duration to save VPN passwords.
Firefox has always been set to save passwords. I have never used a master password, but can try to see what happens.
I certainly do believe you @jaybo. I was just saying I have never seen this before and I do not feel like this is standard behavior for seahorse or Firefox. Like you said, Firefox is capable of storing it's own passwords.
However, Google turned up something interesting...
Do you have any Firefox extensions installed that could be causing this?
https://addons.mozilla.org/en-US/firefox/addon/mozilla-gnome-keyring/
At least we now know what you have described is possible, and it would seem that some people would prefer that it did happen 2 years ago anyway.
No I never installed GNOME Keyring integration and it is not compatible with Firefox Quantum.
I did delete all Login keyrings. So far only the VPNs keep re-populating.
1 Like