How to banish kwallet

I want to banish kwallet from my Leap 15.1 system. I don’t want to use it – ever!! I don’t even want to be asked about it again! The problem with kwallet, as far as I’m concerned, is that it assumes i’m always working in a KDE environment. I want something, like LastPass, that is system-independent – that I could even use in an Apple environment – not that I’d ever want to work in an Apple environment!!

I suppose that **kwallet **could be useful for people who only work in the KDE environment, but it should never be imposed by default.

You can set the “kwallet” password to the empty string. And then you won’t ever be prompted for it.

You can install pam_kwallet so that “kwallet” is automatically opened at login (but not if you auto_login).

Maybe you can persuade the KDE developers and the Gnome developers to merge kwallet and Gnome-keyring, though I would not set my hopes too high on that.

Getting KDE developer and Gnome developers to commit to external software such as LastPass for a critical part of their desktops – honestly, that isn’t going to happen.

System Settings > Account Details > KDE Wallet > Wallet preferences > uncheck ‘Enable the KDE wallet subsystem’

And your question is ?

They might consider the existence of other public password managers, but I would not expect or even want them to commit to a particular one. But I think it’s a mistake to enable kwallet by default.

KDE is very configurable (so I don’t see an issue here at all)…configure or disable as required…
https://docs.kde.org/trunk5/en/kdeutils/kwallet5/kwallet-kcontrol-module.html

My solution is to simply install and use the LXQt Desktop instead.
Because LXQt is based on the KDE Qt framework, in general every KDE Qt application can be installed without a massive addition of a different framework (eg apps based on the Gtk framework). Of course, any apps like kwallet that requires additional KDE components will install those additional components from KDE so you may end up installing a lot of KDE/Plasma anyway.

It’s just a choice.
With LXQt you’ll start with a different selection of default apps but it’s usually an easy install to add KDE/Plasma apps.

TSU

This is by no means a solution. Nor is it what the OP is aksing for. LXQT != KDE replacement.

LastPass seems to use a server, somewhere – on Mars, the Moon, in the Kremlin – to store their customers password collections – as a “Freemium” product, those who do not pay anything presumably get their password collections stored on the Kremlin server …

  • And, this is exactly the issue here – if you wish to have a system-independent password wallet/collection then, the wallet will have to be stored on a server, somewhere …

[HR][/HR]As far as passwords are concerned, personally, I would never, ever, trust a 3rd party storage for the collection.

I can see your issue but, personally, I would only trust, possibly, a personal, private, network storage, which could be a private Cloud …

For small environments, I suggest that the password collection(s) be exported in a universal format such as XML and then, the collections can be imported into whatever password collection is used by the other platforms in my “bubble” …

Personally, I use the export of my password wallets in both encrypted and XML formats to backup to wallets – I move the exports to a set of DVD-RAM disks which are stored in a secure place.

@pwabrahams:

I looked up Bruce Schneier’s views on LastPass: <https://www.schneier.com/blog/archives/2019/02/on_the_security_1.html&gt;.
Earlier discussions on this topic are here: <https://www.schneier.com/blog/archives/2014/09/security_of_pas.html&gt; – the two USENIX Security papers are recommended reading.
[HR][/HR]I’m wondering about the “content is synchronized to any device the user uses” aspect of LastPass – none of my favourite security gurus on the western side of the ditch seem to be concerned about this … >:)

Save a password once, and it’s instantly available on all your devices.

LastPass keeps your information private, secure, and hidden (even from us).

[HR][/HR]Who is Bruce Schneier?

  1. Blowfish, Twofish, Threefish creator – plus other cryptography work.
  2. Fellow at the Berkman Center for Internet & Society at Harvard Law School.

What about M-DISC? M-DISC - Wikipedia

Haven’t tried that yet – I’ve recently swapped out the original LG GH24NS70 (no M-DISC logo) drive manufactured in 2011 for a new ASUS 24D5MT – the new drive claims M-DISC support …