Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A note of caution on Firefox's storage of passwords' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A note of caution on Firefox's storage of passwords
Authored by: juzzyp on Jan 24, '07 12:47:11PM
Camino was my browser of choice for all financial sites for this type of reason, although I am trialling the 1Passwd Password Manager app now because of:
  • cross browser form management (I use Flock and Camino for different reasons, and Opera which does not integrate with 1Passwd).
  • Uses the Keyhcain, so I don't have to remember one more "backup-vital" area

    Would love to hear others recommendations for a good Password Manager across different browsers.

    Someone above mentioned that the Keychain is not safe? Are we saying it is hackable with time and resources (as most things are), or is there a more sinister weakness than that I should know about?

    [ Reply to This | # ]

  • A note of caution on Firefox's storage of passwords
    Authored by: stewby on Jan 24, '07 01:24:27PM

    There's no sinister weakness, just fundamental trade-off inherent in any automatic password autofill system. If you have your bank's password stored (be it in Keychain, Firefox's storage system, wherever) and you have things configured such that when you visit your bank the password is auto-filled without your having to supply a password, then someone sitting in front of your open browser has full access to the password.

    It's not a storage problem. If you say that Camino/Firefox/Flock/whatever application is always authorized to read a password, you have to enforce access to that application if you want your passwords to stay secure.



    [ Reply to This | # ]
    A note of caution on Firefox's storage of passwords
    Authored by: juzzyp on Jan 25, '07 08:50:04AM

    Glad to hear it. Indeed, my Keychain (and the Password app )are enabled by separate master passwords.



    [ Reply to This | # ]