FYI for Brave-Browser users (maybe Chromium, too)

There is a big impact to password storage in versions > 1.50.125. If you use a version newer a warning appears that “system safe storage” and “sync” is unavailable (in my case KDE / kwallet) and all passwords seem to be gone. But luckily they are not. If you stay / downgrade to 1.50.125 everything works fine again. The issue seems to be upstream (Chromium) and so can impact Chromium users, too. Further informations can be found on the web - e.g. here: https://community.brave.com/t/notice-unexplained-data-loss-issue/485498

What happens when you tell Chrome/Chromium to reselect the password store specific to your DE.
For Google Chrome stable like mine it looks like this:
google-chrome-stable --password-store=<basic|gnome|kwallet>

Found in the terminal with:
google-chrome-stable --help

I myself use keepassxc and therefore do not have the problem.

2 Likes

Storing passwords in a browser is generally considered an unsafe practice. :wink:

4 Likes

@anon11595408 : maybe, but it is an widely used practice and I cannot live without, too.
@HPF-84E : interesting question - but I cannot test it easily. I do have ~ 800 passwords stored in my kwallet for Brave and if anything goes wrong using the test I do have a big problem. But I have tested to use Brave/kwallet in a clean new install. Newer versions store passwords in kwallet without problem. The issue seems to pop up when there is already a storage for older versions and you start a newer Brave version.

That is really hard to fathom for me. Perhaps, you’re also using M$O365, Outlook and such things?

@HPF-84E : I do not think that would help. Just a hint - not a proove: After starting new version of Brave KDE’s kwallet message box appears and wants confirmation that Brave can access ist. But after I confirm passwords are still not accessible.

@anon11595408 : If you have a text file ( or, because this is unsafe use a paper written version) and c&p your credentials every time they are needed: I do not have a problem with this, but I do not want to do it. Kwallet stores credentials for many, many applications on all of my systems since ~20 years. It is encrypted and must be decrypted with a master password (like keepassxc) and never has bothered me. Gnome has its password manager, too and like kwallet I think 99% of the users like and use it.

1 Like

I am stopping now discussions about “is Brave a good browser” or “is it safe to store passwords in DEs safe password manager”. I just wanted to warn Brave users not to trap into this issue :grinning:

2 Likes

I might be aged, sometimes even stoned, but not stone-aged!! :rofl:

Using keypassxc here, but I still can’t fathom the 800 passwords, you claim to be using. Not that I don’t believe you… :wink:

1 Like

:joy: OK - I have estimated wrong. It is 684 passwords. But I think that makes no difference…

Only if they become public, “somehow” I guess. :wink:

Of course. But therefor I rely on using Linux, desktops safe password manager, using a password only once and use cryptic pws of letters, numbers, signs and never post the decrypted wallet on Facebook :upside_down_face:

1 Like

Is fixed now in nightly build 1.53.x - I can confirm.

1 Like

1.51.114 appeared today and is in AUR. Maybe worth checking (I don’t use KDE…)

All versions higher than 1.50.125 and lower than 1.53.x are affected. The issue seems to be OS-independent (there are issue reports for Windows and Mac, too) and desktop-independent (there are issue reports for Xfce, KDE and Gnome). At this moment 1.53.x is only available as “nightly build” - no stable version, no dev-version yet.

1.51 is the current release branch for this month.
1.52 is likely the next monthly release
1.53 is the next next monthly release

Good chance the change in question will probably get backported from 1.53 into the previous branches. Brave probably has other devs to move commits back as appropriate.

Net net, 1.53.x might be the only current build with the fix. Future will tell for sure.