Firefox Saved Passwords… handy, but insecure?

 

Firefox saved passwords is a neat little feature that Firefox has in its browser. Being a web developer I have 100′s of username’s and password’s to remember for FTP, Control Panels, etc… Using Firefox saved passwords automatically fills these in for me. Great, right?

Well obviously it saves you time, but at a security risk. If someone now compromises your laptop and can get to the browser, they can have access to privileged information. You should have other securities in place to prevent this from being so easy. Having a log in to your computer would prevent them from even getting to the browser.

Now whatever this isn’t so bad if they use your Firefox to browse right? They have to know the URL’s of each privileged site (or look at the history). This has to be done individually and would really take some time. How many passwords do you think I could steal in 1 minute? Probably not a whole lot right?

Well I can actually view all your saved passwords in one “secret” place; well actually it is in Tools >> Options >> Security.

Now that I have scared you to the point of switching browsers… hopefully not IE6 ;) I will tell you of how to protect yourselves and some practical GOOD USES of this functionality.

Example of a good use for Firefox Saved Passwords

Today I was asked by a fellow web developer of mine what the password was to a site we were working on. I thought for a moment, and realized a little while later that none of my files told me what the password was. Getting a little frustrated, it hit me that it was saved in Firefox. I then checked out the saved passwords section of the options and was not beaten up by this fellow developer for losing the password.

How to protect yourself

For those of you that take your security real seriously, I will ease your nerves by saying that Firefox allows you to specify a master password that protects the rest of your passwords. This in itself would prevent me from accessing all your saved passwords in 30 seconds flat.

Conclusion

What do you think? Are saved passwords handy? or too insecure?

Be Sociable, Share!

Related posts:

  1. Firefox 3
  2. Hacking Add-ons To Work in Firefox 3.5
  3. Firefox 3 advancing, but IE6 not going away…
  4. Internet Explorer Bugs


Written by Brenley Dueck

 

6 Responses to “Firefox Saved Passwords… handy, but insecure?”

  1. Nate Says:

    January 12th, 2009 at 10:31 pm

    Depends on what passwords you have saved, and whether the computer itself is secured. I focus on convenience with programs like Firefox, while making it more difficult to access Firefox in the first place (i.e. login screen). My computer locks up after 1 minute, so even if I just walk away for a moment, no one is likely to gain access … I tend to trust the people I live with anyway ;-)

  2. Justin Yost Says:

    January 12th, 2009 at 11:50 pm

    I’m anti saved passwords, staying logged in sure. But saving your passwords is an easy way to get stuff messed with especially at work or a public environment.

    Though what I use is http://clipperz.com/ installed on my own server so I don’t even have the database being owned by someone other than me. I can store all my passwords and with one password from anywhere get them back.

    What happens if your Firefox data gets corrupted, hard drive crash, etc. No worries about that over here, data is on a server backed up of course, and they allow for you to have an offline copy.

  3. James Says:

    January 13th, 2009 at 12:24 am

    I am also a web developer of 15+ years. My opinion.. Get out the good old pencil and pad and write it down. Now I run Mac computers so I am not too concerned about someone accessing my hard drive but at the same time I still use the old fashion pencil and paper for my hundreds if not thousands of logins..

    James

  4. Hassan Says:

    January 17th, 2009 at 4:01 pm

    It’s really handy! I have to remember dozens of passwords and firefox save password feature really save me much time. Write it down by pencil will not save you time.
    I don’t like master password, I think protecting the entire computer system is a better way, like Nate said.
    Hey, why don’t you run a poll for that?

  5. Artful Dodger Says:

    January 18th, 2009 at 4:19 am

    I think Firefox saved passwords is great. I have a master password so no one can gain access to mine. I also have windows XP Password protection and Kaspersky Internet Security so no hackers can gain access somehow.

  6. Allan Hubbert Says:

    February 13th, 2009 at 10:55 pm

    saved passwords are great and as been already said, use a master password. At the
    same time, there is vulnerability when the
    password file can not be accessed. I use
    a text editor and create a flat file with
    the same information and keep it backed up.
    No setup is 100% but with a little common
    sense, security and convenience go hand in
    hand. What I would like to know is what is the firefox filename and its path so I
    can back that up. I use both fedora core 9 and xp.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 
connect with me!