-
Notifications
You must be signed in to change notification settings - Fork 46
App Settings
The Legacy API is the API which was originally provided by the Passwords App in versions prior to 2018.1. This API is used by many clients for passwords and therefore still available. However the API does not support client side encryption or safe server side encryption. It is also makes the application slower and does not strictly enforce HTTPS.
This option enables or disables the API completely. If the API is disabled it will no longer be possible to access it in any way as the app will no longer register the necessary components in Nextcloud.
Note: The browser extension does not support the new api in versions prior to 2.0.0.
This settings is read only. It should tell you when the legacy api was last used. If you can see that the api is no longer in use on your server, you should disable it.
These settings influence how Passwords processes different types of data internally.
You have two options for image rendering. If Imagemagick or Graphicsmagick are installed on your system, they will automatically be chosen as default. GDLib should only be chosen if Imagemagick is broken or not available. GDLib usually provides lower image quality and might not work with all formats.
Note: If you have Imagemagick selected, make sure that svg is supported. Otherwise GDLib will be used in some cases.
In this section you can configure all the third party services used by Passwords.
This service is used to check if a password is safe or not.
Have I been pwned? is the recommended service. Is might be slow if a lot of passwords needs to be processed, since you can only make one request every 1.5 seconds. But in general it has the largest database and is updated regularly. If a bad password is found, the hash is stored locally so that the service does not need to be contacted again.
10 Million Passwords downloads a static password file and fills the local cache with it. After this, all password checking can be done locally. It is faster than Hibp when it comes to checking passwords, but of course it does not contain that many passwords. Updating the database can take up to 1.75Gib of RAM or up to 125MiB on less powerful systems. If you do not have that much ram available, you should not use this service. It also requires up to 512Mib of disk space.
1 Million Passwords downloads a static file with the most common passwords. It uses a lot less system resources than the 10Mio passwords and should run on any system.
10 Mio Passwords + Have I been pwned? fills the local cache with the most common passwords. It is faster if a bad password is found in the 10 Mio Passwords database since Hibp is not contacted in that case.
This service will be used to generate the basic words for a new password.
Local Dictionary uses locally installed dictionaries for different languages to provide words. It has the best language support.
watchout4snakes.com is only available in english. It can provide words based on their rarity and type and is therefore the best service to generate easy to remember and secure passwords.
Random Characters generates sets of random letters for the service. This service has no dependencies.
This service delivers the website favicons . The icons are only fetched once for a domain and then stored locally.
Local analyzer fetches the start page of the domain and searches for common icon tags. This service usually finds the most icons, but also the most useless icons.
Besticon uses a besticon third party service to find icons. The service can be self hosted by following our tutorial. The url for the service can be defined in the settings. Any compatible api is accepted. It usually returns the best icons and also good default icons if none is found.
favicongrabber.com is free, requires no software and delivers good icons. There is an api request limit which means that it can be slower.
DuckDuckGo uses the icon service of the search engine. All icons have a native resolution of 32 pixels.
Google uses googles icon service. It finds the least icons and they usually have a crappy resolution.
None always returns a default icon. It is the fastest and most privacy friendly service.
If you use a service with an API, you can enter the url here.
This service is used to generate previews of websites. Only the front page of the domain is called and at maximum twice for mobile and desktop views. If you know a good program or service, feel free to open an issue to support it. (Requirements: Offers a free plan and has an api)
Pageres/PhantomJS requires pageres-cli and phantomJS to installed locally.
Usually very reliable local and headless preview generator with a modern browser engine.
If the installation with NPM fails, try sudo npm install --global [email protected] --unsafe-perm
.
Browshot offers 100 free screenshots per month.
The api offers HTTPS by default, you can view the screenshots in your account and you can buy additional screenshots as you need.
Passwords will check your account and use free screenshots if possible.
(Instance 27 is used for desktop and instance 67 for mobile.)
If your account balance allows it, passwords will use premium instances if no free screenshots are left.
(Instance 58 is used for desktop and instance 275 for mobile.)
You can specify the premium instance to use with the config keys service/preview/bws/mobile
and service/preview/bws/desktop
manually.
screeenly offers unlimited free screenshots and self hosting
It has HTTPS by default and usually creates proper screenshots.
You can either just enter an api key and use the hosted version at screeenly.com or enter a full url like https://secure.screeenly.com/api/v1?key=yourapikey
where everything before ?key=
is the api url and the key is your api key.
screenshotlayer offers 100 free screenshots per month. If you need more, you have to buy a subscription. Triggers the bot protection on more websites and HTTPS is not supported.
screenshotmachine.com offers 100 fresh screenshots for free per month (accumulative) and impressions are free. You pay what you use, it is quite fast and supports different devices. HTTPS is not supported.
None just delivers one of five default images.
If you use "Browshot", "screenshotlayer" or "screenshotmachine.com", you will have to provide an api key here. Otherwise these services will not work.
These settings can be overwritten by the user.
Enable emails for security relevant events by default. This will enable emails for bad passwords.
Send emails when a password was shared with an user.
Passwords makes regular backups of the raw password database. These backups can be used to restore the entire database or the database of a specific user.
Specifies the interval in which backups should be created automatically.
The default value is Every Day
.
You can also create backups manually with the command line command.
Note: You can not disable automated backups since we really can't help you when you loose your data.
Specifies the amount of backups to keep.
If the maximum is reached, the oldest backup will be deleted.
This setting also includes manually created backups.
The default value is 14
, setting the value to 0
will keep all backups.
The shorter your backup interval is, the higher this setting should be to cover at least two weeks.
Specifies the time after which passwords, folders and tags deleted by the user will be removed from the database permanently. This setting does not affect the data of deleted users which will always be deleted permanently.
This setting will modify the Nextcloud core to enable the installation of nightly updates.
The system config key allowNightlyUpdates
will contain an array of apps for which the nightly updates are enabled.
Note: You can add other apps to allowNightlyUpdates
or remove passwords from it manually, but the functionality will only work if the backend option is enabled.
The server survey will send us some anonymous data of your server once a week. This helps us to plan the future development of the app. You can either contribute basic data (Nextcloud, App and PHP version) or full data (App Settings, Encryption usage) or no data at all. You can read more about this here or take a look at our statistics generated from the data.
Caches are used to store temporary data. they are usually not emptied by the app. If problems occur, the first tip is always to empty the related cache.
Usually not used. Contains general files.
Contains rendered images of user avatars.
Contains the raw and scaled favicons. This cache can not be cleared if you are using the shared BestIcon instance.
Contains the raw website screenshots and resized or cropped versions.
Contains lists with bad passwords.