There are several options available to manage passowrds. Kubuntu Focus computers come with a couple of these pre-installed, but there are several others that you can find across the web.
Manage passwords efficiently with KeePassXC.
Please read the disclaimer before proceeding. We review and update guided solutions regularly. If you have suggestions or requests, please write support@kfocus.org.
KDE Wallet is the default password manager on Kubuntu systems. It stores passwords completely encrypted and unlocks upon login. All KDE applications integrate with this password manager, and it stores Wi-Fi passwords, file manager passwords, and other system passwords. It also integrates well with Google Chrome and other browsers.
By default, the KDE Wallet master password is the same as your user password. For this reason, if you ever change your user password, your KDE Wallet password will no longer unlock automatically upon login. You can fix this by making sure the passwords match again:
System Settings > KDE WalletWallet Preferences, enable [x] Enable the KDE Wallet Subsystem.Wallet Preferences, optionally enable [x] Use KWallet for Secret Service interface.Wallet Preferences, do not check any other boxes.[ Launch Wallet Manager ].Wallet Manager app appears, click on the top-right button labeled Change Password...Some apps that handle passwords and logins use libsecret. This can be provided by KDE Wallet, KeePassXC, or GNOME Keyring. KDE Wallet is enabled by default and should work for most, as discussed here. You can also use KeePassXC for libsecret, as described below. We suggest you avoid installing GNOME Keyring if you can.
KeePassXC is a cross-platform, sync-able, decentralized password management solution. It has plugins for Chrome (and other Chromium-based browsers), Firefox, and Android clients. For these reasons, we highly recommend it, and feel it's a compelling alternative to commercial services like LastPass and 1Password.
To use KeePassXC to manage web passwords, install its browser extension. For Firefox, use Menu > Add-Ons and themes, with Chrome, use Menu > Extensions > Visit Chrome Web Store. Then in KeePassXC, enable browser password integration by clicking on Settings (Gear Icon) > Browser and select your browser, like [x] Firefox, and click OK. If you are using the Firefox snap, see the Browsers Guided Solution for additional adjustments you will need to make. The 24.04 Kubuntu Focus Suites replaces the default Snap with the official Firefox packages from Mozilla.
To enable KeePassXC's secret service integration, for apps such as VSCode Settings Sync and Fortinet Client, follow the steps below:
secret-service.Tools > Settings > Secret-Service-Integration and check the Enable KeePassXC Freedesktop.org Secret Service Integration. Then click [ Ok ].Tools > Settings > Secret-Service-Integration, click the General tab, and then in the Exposed Database Groups table, click the small pencil icon next to the database you want to host the secrets. This will show the Database Settings dialog, which has a Secret Service Integration section. Select Secret Service Integration and then check the Expose entries under this group radio option. Select the secret-service group you created earlier, and click [ Ok ].sudo apt install libsecret-tools), which provides the secret-tool utility. Then, while the database is unlocked in KeePassXC, test storing a credential by entering the following into a terminal: secret-tool store --label='Created from cli' account test. Enter your desired password when prompted. KeePassXC should show then show a new credential under the secret-service group.Some forum posts recommend installing Gnome Keyring; however, this can interfere with the KWallet subsystem. For this reason, we strongly recommend you try to use KWallet or KeePassXC instead. Additional information on KeePassXC's libsecret capability is shown here and in this AskUbuntu post.
KeePassXC's database file can be stored on a cloud drive such as Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud, or similar. This is useful for synchronizing across multiple devices. To learn more, visit the KeePassXC website documentation.
Sometimes, a database file can conflict when shared on a cloud drive. This can happen if you change passwords on two devices, but the sync is disabled or delayed. When this occurs with Dropbox, the offending file is kept with a name like foo-conflicted.pas. To resolve this issue, you can merge databases:
Database > Save Database Backup... to backup your current database.Database > Merge from Database and read-in the conflicted file.To compare changes between databases, like those before or after a merge, you can follow this procedure:
Database > Export > CSV File the databases you wish to compare.kdiff3 or meld to compare the CSV files.The KeePassXC team released a security audit which we also encourage you to review. You can learn more from the official KeePassXC website.
Password recovery can be a complex system issue. Please see Installation Recovery Guided Solution for how you can do this.
Decentralized browser-based solutions exist as well, such as ownCloud and Nextcloud. These solutions require your own web server and adding the respective password management apps to the ownCloud and Nextcloud instances you run on those servers. For more information on these, see the links to the respective solutions.
Q: I am prompted frequently to sign into KWallet. Is this normal?
A: No, by default the KDE Wallet master password is the same as your user password. The login system recognizes this and unlocks your KDE Wallet automatically. If you change your user password, you should also update your KDE Wallet password to match; otherwise, you will be prompted to open the KDE Wallet when an app needs it. See the KDE Wallet section, above, for full instructions.
This is a partial revision history. See the git repository for all entries.
2025-04-19 274c0ff1 Update grammar and content per audit2025-03-31 003d5bb2 Remove tab characters2025-02-17 5889d119 Update and expand KWallet advice2024-08-23 ded8bc3c Add disk passphrase image2024-08-19 57a2389d Add white theme2024-07-28 ee7b4601 Update metadata content, collapsable sections, lightbox2024-07-26 7814a97d Sync primary images between guided solutions slideshow and articles2024-07-24 339b6f55 More lightboxing and image updates2024-07-21 7233facb Add KeePassXC database merge and compare2024-06-05 d9dbfd02 Note Thunderbird and Firefox 24.04 packages2024-05-02 68a59c71 Update passwords with browser integrations instructions2023-11-18 e770b1c6 Add search and help bar2023-11-16 30f1145b Add KWallet passwd advice2023-06-28 e4a03c44 Include KeePassXC audit link2023-06-09 beb8e0bc Add Fortinet advice, qdbusviewer2022-03-21 06240af7 Add KeePassXC libsecret advice2021-10-10 5728326e Reformat to 2-column2021-09-22 dc862884 Update link and headline colors2021-08-23 681261b4 Review and update codeblocks2021-07-27 9e6157ce Update KWallet advice2021-06-18 13c5e182 First publicationWe try hard to provide a useful solution validated by professionals. However, we cannot anticipate every situation, and therefore cannot guarantee this procedure will work for your needs. Always backup your data and test the solution to determine the correct procedure for you.
THIS SOLUTION IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOLUTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
HAVE QUESTIONS?Call 844-536-2871 or write
TellMeMore@kfocus.org | GET FOCUS MERCH