1) When I want to
- sign into my Yahoo account using Kopete
- send a mail with KMail
KWallet asks me for a password as to allow those apps to access its contents.

I thought the whole point of the Wallet was to save passwords so you don't have to type them (almost) every time.


2) The passwords are stored encrypted, which is safer than plain text.
However, I open KWalletManager and I can easily read all my passwords (and so can Mr. X who has access to my computer for 30 seconds).

It would have been more secure if the passwords were to be stored in plain text by each app. At least they weren't centralized and you had to hunt them in different folders.

The protection KWallet offers is that in the case of KWallet being closed, your passwords are completely safe from compromise.

For instance, if your system was stolen whilst off or the system was booted using a Live CD your passwords would not be vulnerable to compromise by the malicious thief.

If they were stored using a basic cipher, or worse as plain text in the configuration files, they would easily be stolen and could be used abusively.

If you wish to protect your passwords from being read using KWalletManager, ensure the appropriate close options are selected on KWalletManager > Settings > Configure Wallets, and that KWalletManager is not present in the Access Control tab.

Can you add new rules or modify the existing ones in Access Control?
I can't. I can only delete them.


There's no way I can always allow access for Kopete, as I did for KMail.
KMail offered me a choice: Always allow, Allow once etc.
Kopete only asks me for the wallet's password.

If you open an app like KMail and open KWallet and then leave KMail open, KWallet will remain open and you will not have to open it again to use it with another program; KWallet automatically closes when the program with which you used it is closed.

If the wallet is open when Kopete requests access, then you will recieve the dialog that will allow you to always allow it.