Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A note of caution on Firefox's storage of passwords' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A note of caution on Firefox's storage of passwords
Authored by: alani on Jan 24, '07 07:49:31AM

I might disagree with Rob on this one. It seems like a much bigger problem than passwords stored in Keychain.

While passwords on a computer can be overridden by someone with physical access, I don't think passwords can (in general) be displayed -- they're stored as encrypted strings. Am I mistaken?

This problem is further aggravated by remote back-ups. I back up my Firefox profile to a couple different places that are probably less secure than my Mac. Can anyone grab those copies and spy my passwords?



[ Reply to This | # ]
A note of caution on Firefox's storage of passwords
Authored by: johnsonua on Jan 24, '07 10:51:38AM

Firefox *stores* the passwords (master password or not) in encrypted form. The issue is the display of the passwords within the program, and this is a good, common sense tip.



[ Reply to This | # ]
A note of caution on Firefox's storage of passwords
Authored by: Brock Lee on Jan 24, '07 12:59:03PM

But if I'm reading the initial post correctly, it can be automatically unencrypted without the user having to provide a password. This can only be possible if the key is known or can be easily derived. And if that's the case, this "encryption" is not worthy of minimal security.



[ Reply to This | # ]