Add Password manager by default

LessPass is an interesting password manager because it deterministically generates the same password for the same logins no matter what device you use it from without needing to sync the databases. This is possible because it generates these passphrases based on site, login and a master password.

Not packaged yet for Debian because it has non-packaged dependency:

1 Like

Let’s add https://packages.debian.org/buster/keepassxc in Whonix 15?



Any opinion?

1 Like

Good find! Arcieri knows his stuff and it’s good to see a knowledgeable analysis about this family of pw managers. According to this new info we should actively discourage stateless managers on the wiki, citing the main argument headings. These ar core design flaws and can’t really be fixed.

1 Like

Yes it’s the only m well known major option

1 Like

YES! At last this five year old thread can find some closure. :grin:


Ive been using pass-qubes with SecBrowser.


It is possible to use the same vault for multiple AppVMs. I have that configured now for my SecBrowser. For example, i can add just my email password to my Thunderbird (only) AppVM. Then set environment QUBES_GPG_DOMAIN=my-vault.

Next I could add my whonix forum password in separate AppVM with environment QUBES_GPG_DOMAIN=my-vault set in that as well.

Also possible to add the password-store to an dvm template (AppVM with pref template_for_dispvms=true).

1 Like

Having tried keepassxc (the current default in Whonix 15) I consider to avoid it and use keepassx instead.

Main reason is I dislike the AutoType feature that can’t really be fully disabled as far as I’ve seen. I prefer not to have an app (especially one that is used so frequently) that sends data (and in this case, very sensitive data) to other applications in this way. Too easy for mistakes to be made.

1 Like

/cc @Patrick I’ll change it if you don’t have a strong argument against keepassx?

Github are being assholes and me to verify my account, but they never send the verification email, so my account is dead/locked until further notice.

supports yubikey.

Not sure we should change packages as quickly due to a single user mention. Because then the next user comes and asks why that was.

What was the reason to go with keepassxc in first place?


Also we get really disorganized by discussing this in a totally different forum thread.

Upstream discussion / upstream bug report?

Has this been discussed anywhere else before?

development of keepassx was basically ended. i don’t know if that has changed.

1 Like

Comparing the two further, I found that KeePassX also has an AutoType feature, it’s just doesn’t appear as a toolbar icon but rather as a menu item under “Entries”.

Then, disabling of AutoType is possible (in both managers) by:

  • Right click on the root group
  • Choose “Edit Group”
  • Choose “Disable” at the Auto-type menu

as long as the child folders keep the default setting of “Inherit from parent group” Autotype is disabled there too.

I’m still more comfortable using KeePassX but the end of maintenance as pointed out by @tempest may be a stronger argument as far as Whonix userbase is concerned.


keepassxc --config

allows launch with a custom config file.

I didn’t find a dot file or directory under the home dir though.


A post was split to a new topic: Install keepassxc by default in Kicksecure?

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]