|
|
A note of caution on Firefox's storage of passwords
Good lord, this is the single worst security decision I've seen in Firefox. Being able to just show every password and username in plain text is ridiculous! It's one thing to autocomplete and know that someone with physical access to a machine can log on to an account from that system, it's another to show what the actual password used is (since I think the vast majority of people use a few passwords) and let the person see whatever pattern or phrases the user likes to create passwords with.
No worse than auto-fill
Auto-fill and display are exactly the same level of security. Javascript can read the value of password fields, which means that if someone visits a page that auto-fills your password they can run Javascript from the URL bar to display that filled password.
No worse than auto-fill
Auto-fill and display are exactly the same level of security. Javascript can read the value of password fields, which means that if someone visits a page that auto-fills your password they can run Javascript from the URL bar to display that filled password.That's still dramatically more work than clicking three times and getting a complete list of web sites with associated user names and matching passwords. Having to visit each site individually and run JS, then combine all that information takes time. Displaying this huge list of information, doing a screen capture, and pasting it in an email to yourself is something that can be done in literally a few seconds while someone's back is turned.
No worse than auto-fill
It would be simple to write a script to do most of the work very quickly (which is actually a big part of the reason that it's currently impossible to run AppleScript on existing pages in Camino). Even manually, stealing a few very sensitive passwords would only take a minute or two. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.09 seconds |
|