A partial archive of discourse.wicg.io as of Saturday February 24, 2024.

[Spec] Import/Export passwords in Keepass format for all browsers

Anonymous2292900
2022-08-03

1. Why is it important?

  1. This can make all the differences and possibilities of passwords between browsers possible, unique
  2. I would like to help wicg in some way with some amazing, innovative idea or provide ways to make the web better in terms of technical goals: better security, better performance, helping end users to use the web for their research, better privacy etc.
  3. There are several requests that have been thought about this, however I haven’t found much technical information on how this could be done. Therefore, open this possibility in this topic
  4. “Makes users’ lives easier”
  5. It guarantees the same process of importing/exporting passwords in a secure way, since in theory all browsers will be able to use the same standard.
  6. “Keepass has been around for a long time and is a well-established, popular solution known all over the world.”
  7. “Mozilla Firefox is considering making a similar implementation - it is not known when: link
  8. There is a closed technical discussion on privacycg about this, but no response: link

2. What are the problems to make this possible, viable? Or what problems do not make this possible, viable?

  1. “Frankly there is absolutely no incentive to browser programmers to incorporate the keepass format.” - link
  2. “The problem with passwords today is that every browser implements the way to import and export passwords. I argue that to have good security/privacy of user data we have to have a universal standard in importing/exporting passwords. I believe that for this to be done, we have to adopt the standard of open solutions with MIT/GPL open licenses, etc. When I refer to a universal standard for importing/exporting passwords, I say that it would be interesting, as I said before, to adopt the keepass open format for this.” - link
  3. It’s 2022, and the bookmarks format is the same as it was in 1999. So why don’t we have the same Keepass format for importing/exporting passwords in all browsers? - reference here Netscape bookmarks
  4. “The main objective of having a universal password import and export format for all browsers is to make life easier for users.”
  5. “This reminds me of some historical facts - for example, lisp had several versions - programmers made commonlisp - which had features common to different implementations of lisp.”
  6. “This case that I mentioned historically also happened with markdown - there are several formats of markdown - they even created a universal format called common-markdown.”
  7. “As you can see, I mentioned 2 historical facts of a universal format that occurred as lisp/markdown - I could mention opendoc - which is the universal open text format that was created because there were proprietary formats that you would hardly be able to open your file without having to use proprietary software.”
  8. “by which I mean there is a possibility to have a universal password format - if browsers want to have better compatibility for other browsers. The argument I use here is the same for lisp/common-markdown or for opendoc/bookmark-format.”
  9. I’m seeing the applicability of this idea on the web, this topic is the same problem as csv, csv is a file format that was only validated on the web in mid 2008/2014 - I don’t remember the year exactly - The same problem occurs with keepass differently, it is a common format for passwords - but there is no standard for universally passwords in web

3. Who could benefit from this?

Programmers, software developers, content creators, end users, business people, doctors, free and open software community - many people from different technical backgrounds or knowledge, browsers…

4. Technical references and other important links
  1. Import/export passwords in keepass format for all browsers · Issue #8316 · keepassxreboot/keepassxc · GitHub
  2. GitHub - authpass/authpass: AuthPass - Password Manager based on Flutter for all platforms. Keepass 2.x (kdbx 3.x) compatible.
  3. https://www.kee.pm/
  4. KeePassX · GitHub
  5. KeeWeb · GitHub
  6. GitHub - Kunzisoft/KeePassDX: Lightweight password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
  7. GitHub - PhilippC/keepass2android: Password manager app for Android
  8. KeeWeb · GitHub
  9. KeePassXC · GitHub
  10. Encryption of passwords imported into a file - Mozilla Connect