How to stop 'Choose password for new keyring' prompt on opening Chromium[SOLVED]

[ZakGordon]

First a few links:

viewtopic.php?t=259329

https://www.fosslinux.com/2561/how-to-d ... x-mint.htm

---------------

So this has seemingly been a thing for a while now, although this is the first time i have come across it in 5 years of using Chromium. Is it reated to using Mint 19.1 vs 18.1?

Anyway each time i start up Chromium on my new build PC i get this annoying pop-up:

'Choose password for new keyring'

with two fields to enter the password then to re-enter it to confrim, with either a 'cancel' or 'continue' button. I pick 'cancel' as i don't feel i want to enter a password, and also it is not obvious what application is asking (it would be nice to see it belonged to Chromium perhaps?) so at first i thought it 'might' be malware.

So i get the prompt each time i use Chromium. I have looked around the internet a bit (thus the two threads up top) but not really found what i would consider a satisfactory solution.

I don't want to enter a password and i don't want to have to download other software (seahorse?) just to stop the prompt. There has to be another way where i can instruct Chroium to leave me alone and forget about it's hangup with this damn keyring thing?

So anyone have any good ideas on reaching that place?

Edit:

So digging into Chromiums 'settings' it seems (so far, as i have not had the prompt) shifting the slider over on 'Auto Sign-in' might be the solution. It looks like when the sider option is blue it is 'off' and greyed-out it is 'on'? Which seems a little counter-intuitive when something greyed-out is normally off?

I'll give it time to test before marking the topic SOLVED, but feel free to chime in with your own thoughts if you have anything to contribute

[kukamuumuka]

Just edit Chromium launcher as chromium-browser --password-store=basic

[rene]

.... or see e.g. viewtopic.php?p=1736211#p1736211

[ZakGordon]

ok thanks guys, i'll go check those out as my attempt did not work; the prompt came back.

And note this is JUST for using Chromium, i am perfectly happy with needing to 'log in' to Mint using my password as i am having to enter it each time i am requested for 'admin' tasks. So i don't think the second link is exactly what i'm looking for.

Just edit Chromium launcher as chromium-browser --password-store=basic

Ok i did that in the terminal and got this readout:

Code: Select all

Using PPAPI flash.

Then the browser opened........then when i closed the terminal the browser closed? Does this mean i need to use that terminal command (and keep the terminal open) each time? It's a work-around i suppose but i guess there is no way just to return Chromium to previous functionality where i just click the icon to open the browser and NOT get the keyring password prompt each session start?

----------------

As an aside all this got my thinking 'What is Login Keyring' and at first, as i mentioned above in my op, i was concerned it might be malware asking for something, as it was not something i had seen previously to using Mint 19.1 (is this even related to the Mint version?).

Then with a bit of duck-duck-going (i don't do the other type of internet search!) i saw it was related to Chromium (so probably 'Google' right? i mean they do 'help' develop the browser for their Chrome?), then came across the slider in the Chromium setting i unsuccessfully tried to use to set the behaviour i was after (open Chromium+no keyring prompt+no need to ever set keyring password).

So what is Chromium's keyring and why do i NEED to set it to make it go-away? This will likely be a function i never use so it is a password i have the potential to forget/lose and what happens in a scenario where that might happen and something happens on Chromium where i need to use it if i have set it up (to get rid of the annoying prompt)? Why is there no option to opt-out of it? Why was this considered a good idea? etc

So in the grand scheme of things this is a small concern, but as i have seen all across the tech space, things like Windows 8 GUI (which was not a good idea, and might be behind why the settings interface in Chromium is as bad as it is (the 'Auto-sign' non-functionality etc)), or 2FA (in a consumer sphere, where it mostly fronts as a data-gathering exercise), or when many people use smart-phones to access the internet (and the inconvenience of that in terms of usability and functionality (and likely this pop-up keyring prompt is 'for them'); all these are pervasive and creep into ALL other aspects around if you are not careful, and have in general made modern tech less appealing, less user friendly and less secure (the more data 'out there' the less secure we are) etc.

So is this part of that kind of thing maybe? Is it really that essential the user can not simply opt out of it?

Anyway those are the kind of thoughts this prompt has dug up in this user and i think it might make me just not use Chromium unless i can find a real working solution (that does not effect the rest of my systems security etc). I mean clicking the 'cancel' button twice (i have to on my system as it just pops the request up again after the first 'cancel' click) before using the browser is not that big a deal.........but......well really?

From the second link i gave in the op:

Stop Keyring Popup after reboot in Ubuntu, Linux Mint, and elementary OS

Option 1: Disable Automatic Login

If you don’t have auto-login activated, the keyring is unlocked when you log in to your user account. Therefore, the system authenticates that you are the user and bypasses keyring prompt when you launch Chrome.

So why does this not happen on my system? I guess it refers to the setting i had found in Chromium, but which ever way the 'auto sign-in' slider is set (blue/grey) i ALWAYS get the pop-up prompt for the keyring when first running Chromium?

--------------

Some links:

'What is Keyring':

https://askubuntu.com/questions/32164/w ... keyring-do

'How to Get rid of the login keyring password':

https://community.linuxmint.com/tutorial/view/916

That one again seems to require we download something else (seahorse). Is this really the only way to stop the prompt? Is it a good idea to do this in the sense does it effect any other part of the systems security (i just want to stop Chromium asking for the keyring)?

[kukamuumuka]

Just edit Chromium launcher as chromium-browser --password-store=basic

Does this mean i need to use that terminal command (and keep the terminal open) each time?

No, just edit the launcher.

chromium-launcher.png (27.96 KiB) Viewed 9297 times

[ZakGordon]

Ah yes i had to dig around in the icon (right click>Properties>General>edit) to get what you were talking about. Heh, this one of the rare instances where i assumed you were giving terminal commands, this being Linux

Ok so in my 'Command:' tab i have this:

Code: Select all

chromium-browser %U

I take it i replace that with the whole of what you posted? So i lose the '%U' bit and have the '--password-store=basic' thing instead?

EDIT: ok thanks i did as above and it works! Thank you so much kukamuumuka

I will mark this as SOLVED.

And Google, stop being creeps and please add a working option in the 'Settings' to achieve the same thing. I assume this is coming from the google devs helping on Chromium?

[rene]

And note this is JUST for using Chromium, i am perfectly happy with needing to 'log in' to Mint using my password as i am having to enter it each time i am requested for 'admin' tasks. So i don't think the second link is exactly what i'm looking for.

Your current solution is perfectly fine and I'd leave it as is, but just to clarify; I was suggesting you'd simply let it create the keyring and as per that other thread then remove its password again through "Password and Keys". Come to think of it it probably works to provide a blank password immediately on that create-dialogue you got --- and if you use the same password as your login password it seems you may not even need to do that much, as we seem to be speaking about the "Login" keyring which would get unlocked on login immediately (and/or certainly we could get it to unlock automatically).

As said though, kukamuumuka's tip is perfectly fine. Just to be explicit: both when you use the basic password store and when you don't set a password on the keyring Chromium uses, any in Chromium saved passwords get stored unencrypted somewhere under your home-directory. This is not a problem as such, e.g. Firefox did/does (effectively) no different by default, but still be aware of it.

[ZakGordon]

@rene, oh i absolutely never let my browsers remember any passwords, which was why this was annoying me so much.

In fact i never let my browsers remember anything (cookies, sites visited, geo location etc etc). The browser is just a vehicle i use to get to websites i use, and that is all i want it to do. I have a brain (or pen+paper) to remember all the other stuff. And once i'm done using a browser it gets vacuumed.

[rene]

Oddly enough, that can be less secure rather than more, if it means you are not using e.g. randomly generated 64-symbol passwords for online services... but fair enough

[ZakGordon]

I don't use online services as such, just access (the internet) for info (like this mint forum), news, a youtube video from time to time etc. Basically nothing i'd consider 'essential'. I'm not 'a fan' of the internet of everything way of life (no smart phone either!), it's a data-gathering mine field i prefer to avoid. ymmv

[ZakGordon]

[update]: just to personally thank kukamuumuka, that thing was annoying me so much. So your tip to get rid of it simply without need to download and install anything else was awesome, thanks

As an aside, one of the reasons i don't use any kind of password manager/wallet encryption thing was due to a report from a year or so ago where one of the most popular software in Windows for that, had got hacked, and basically exposed millions of people passwords to the black-market. And when these password managers first started to appear i had a gut level idea there could be drawbacks, especially when they started advertising cloud storage for such things etc.

The bottom line is this, any consumer level encryption can be broken, any cloud based data can be exposed, any software system you use is vulnerable. The only way to fully protect data is to keep it off the net (offline). Then people need to rob you locally and physically to get the data (which is why i have attack dogs and shark pools ), or you need a local catastrophe (earthquake/fire etc) to endanger the data.

The 'internet of everything' is just a bad idea, mostly poorly implemented. All the layers of 'convenience' we stuff into out online lives just make us less secure and exposed to data-gathering and hack attacks. This new Chromium insistence on 'needing' a password, with no clear opt-out option is just part of this growing problem imho.

Tech is cool and exciting, but we need to (collectively) step back a little sometimes and understand the dangers we expose ourselves and our societies too by charing ahead (electronic voting anyone!) without caution.

[rene]

This new Chromium insistence on 'needing' a password, with no clear opt-out option is just part of this growing problem imho.

I'd want to note that this bit really isn't very true. If a program stores e.g. passwords, having it do so through a central, system-supplied "secrets-store" (i.e., the keyrings) is easily better than having each individual such program implement its own security vulnerabilities, certainly if said program is a browser that stores basically all to the average user relevant passwords already anyway. I.e., independently developed, primarily focussed on keeping secrets rather than on e.g. browsing, and configurable by the user to require or not require a master password, the store to be encrypted or not encrypted, ....

Also related to another part of your post, i.e., that "all consumer-level encryption can be broken". "Consumer-level" doesn't mean much, and in that sense, no, it really can not, if you just use e.g. big enough keys. It's a field of mathematics I'm not big on but still do know enough about to be aware of the nature of the difficulties: whereas to a mathematician calling them "fundamental" tends to not feel right, anyone else should really feel very free to call them precisely that. Beyond access to compute power there's really very little difference between "consumer-level" and any other level --- and specifically this then also means that a central, encrypted password store is not a necessarily bad idea, really not even if stored "in the cloud".

I.e., I guess you are referring to the LastPass security incident of a few years back but it was not the case that this "basically exposed millions of people passwords to the black-market". It exposed zero passwords to such; only exposed binary blobs of in practice indecipherable one's and zero's. Which wouldn't be to say I'd urge anyone to use a cloud-based service; keeping it local makes perfect sense, but for many, not keeping one at all simply doesn't work any more, doubly given that thing above about memorable password versus strong ones. Now, that fact in and of itself you may of course consider a problem, but it's not Chromium's or the keyring system's problem; that in and of itself is fine...

[EDIT] I don 't use LastPass so hadn't payed close attention, but while the above is true, e.g. https://www.skyhighnetworks.com/cloud-s ... s-exposed/ would say this was still a bit more serious than said above would imply. That is, with master-password reminder questions also compromised, if as that article also says a reminder-question is "Who was my favourite teacher?" or some such, simply trying popular names may be effective to guess at the master password.

Anyways. Wanted to add that on reading that description, but system-local keyrings are still fine, or at least as fine or finer than system-local application-specific stores...

[EDIT] And another edit.... it might pay if I actually read the entire article before commenting. Nah, no, not even the above it seems. I.e., not even "binary blobs" were exposed; not password-vaults themselves, whereby none of it is available for offline mass brute-forcing; an attacker seemingly needed to login to LastPass to gain access to the actual vault even after compromising a master-password. That's all to say that while it was a serious breach, one should be quite aware what context the word "serious" is in fact to be interpreted in.

ANYWAYS! System-local keyrings [ etc. ]. Shall shut up now.

[ZakGordon]

To each their own. however i will just point you to the very last part of my post above, because i have no issue with individuals deciding they want to use a cloud storage system, or even choosing to own a smart phone. Where it becomes a problem is when i am 'forced' to do so also, against my wishes. That is the tyranny of tech we are right in the middle of right now.

The people that will win from all this are the upcoming new fascists that can exploit all our gathered data for the usual purposes (disappearing people), the ultra-rich that can exploit all our data to get even richer and maintain control of democracy through the same mechanisms (electronic voting etc), the 'elite' hacking groups (that all major countries use) that can have fun doing their thing with all the interlinked technologies we bought into.

The losers will be everyone else, with a small period of perhaps extra convenience for some things. General security (of systems and infrastructure) is increasingly at risk, from hospitals to energy to finance.

Here is one great example for myself, i'd love to own an EV car but many of them require i own a smart phone to access many of the features they come with, also many of them (EV's) come with all sorts of terrible (by design of being there) connected all the time running requirements. I've simply had to put on hold getting one until i can be sure i can use it 'dumb' (not connected). Or maybe do one of those ICE to EV conversion projects (might be my best bet to avoid the modern smart-phone generation design choices?).

I'm just not a fan of all this tech-creep, and really Chromium needs an opt out to make keyring an opt-in option, not the other way around. It's just a browser to connect to the internet, and for people like me that do not need password storage, allow me to carry on being able to use the browser as I used to. if people want to do the password thing, opt-in to set it up.

In short we are probably not going to agree on these things, but the main point is i could 'hack' around the forced keyring Chromium prompt. Thanks again to kukamuumuka for providing a 'feature' that should be there as default.

[racer-x]

The only drawback I've encountered is that it works so well, there's rarely a time when I have to fix anything. I kinda feel like the Maytag Repairman....

All kidding aside, I'm very happy with Linux Mint and am glad I switched over from Windows years ago.

[ZakGordon]

Just edit Chromium launcher as chromium-browser --password-store=basic

Does this mean i need to use that terminal command (and keep the terminal open) each time?

No, just edit the launcher.

chromium-launcher.png

Just wanted to say this works for all Chromium based browsers as well. I just did it using Brave, as that also had the forced keyring password prompt. Just use kukamuumuka's tip above to fix the problem.

[tovian]

I am getting a similar "Nag" when I try to access shares on my local network from "Folders" (Nemo). I will start a new thread so there won't be any conflict/confusion (except for me...... I'm confused all day long).

[jrw32982]

BTW, the --password-store=basic solution described above also fixes the same problem with the Signal app (new "default keyring" prompt during startup). Apparently it has to do with Electron 18. Add the option to the launcher and the keyring prompt goes away. See this github issue for more information.