Secure Your Firefox Passwords

[gvblake22]

I hate those remember password features, I feel like it totally defeats the purpose of having a password in the first place. The security measure are there for a reason people, you'll try harder attempting to make it easier than you would just remembering your passwords and taking the extra three seconds to type it in each time...

[Elysium]

Quote:

Originally Posted by gvblake22

I hate those remember password features, I feel like it totally defeats the purpose of having a password in the first place. The security measure are there for a reason people, you'll try harder attempting to make it easier than you would just remembering your passwords and taking the extra three seconds to type it in each time...

The only reason I need a password is to log into HL, and I don't know if anyone's interested in hacking my HL account...

[gvblake22]

Quote:

Originally Posted by yellowhello

The only reason I need a password is to log into HL, and I don't know if anyone's interested in hacking my HL account...

OOHH, you'll care when I get in your account and change your name to purplehello!

[Elysium]

Quote:

Originally Posted by gvblake22

OOHH, you'll care when I get in your account and change your name to purplehello!

Ya know, I told my dad that my username on the web is yellowhello and his response... "Why not yellowbelly?"

But that is seriously what he said!

[polobunny]

Quote:

Originally Posted by gamerfreak

A opposed to them having access to all you're passwords without a master password?

This is specifically for people who rely on Firefox to store passwords and want to keep them safe. I don't recommends you store passwords ANYWHERE but you're head.

As opposed to not making firefox remember your passwords.
I'm also opposed to storing passwords. If people remembered, didn't share and made complex passwords I'd be so much happier today. Being a comp tech ain't easy guys, I'm telling ya. =P

[gvblake22]

Quote:

Originally Posted by yellowhello

Ya know, I told my dad that my username on the web is yellowhello and his response... "Why not yellowbelly?"

But that is seriously what he said!

OOOHHHH, that's a good one!

Quote:

Originally Posted by polobunny

If people remembered, didn't share and made complex passwords I'd be so much happier today. Being a comp tech ain't easy guys, I'm telling ya. =P

Making complex passwords is easier than people think too, they just don't see the point and don't want to "waste their time".

I think it's more of a security compromise than a convenience to have your internet browser remember all your passwords. Not that I know anything about what it takes to hack a computer or steal someone's identity, I'm just going by educated guesses...

[polobunny]

Quote:

Originally Posted by gvblake22

OOOHHHH, that's a good one!


Making complex passwords is easier than people think too, they just don't see the point and don't want to "waste their time".

I think it's more of a security compromise than a convenience to have your internet browser remember all your passwords. Not that I know anything about what it takes to hack a computer or steal someone's identity, I'm just going by educated guesses...

I frankly have no knowledge of Firefox security and how it protects your passwords by putting a master password there, but I highly doubt it can be deemed unhackable.

Everything that is executed by your processor is clear instructions, and at some point it is possible to reconstruct the information if you were to intercept those instructions.
Also if you have access to the computer (physically) you already won, no matter what people think. :P

Now the question is; Is it really worth it? Someone worth a lot of money will probably not save their passwords, use simple passwords or use a master password.
Depending on the encryption, it can take quite a lot of time, maybe more time than you have before the user changes his password.

All in all though, having a password is better than having none that's for sure, but ultimately you want your passwords only to be stored in your head. Brain hacking is not something a lot of people know how to do. :P

[OCNoob]

This is why DONT allow Firefox to remember my important accounts & passwords. Firefox can remember the other ones to make things more convenient. Best of both worlds IMO.

[gvblake22]

Quote:

Originally Posted by OCNoob

This is why DONT allow Firefox to remember my important accounts & passwords. Firefox can remember the other ones to make things more convenient. Best of both worlds IMO.

Indeed. IE does the same thing too, this isn't just a Firefox issue.

[gamerfreak]

Quote:

Originally Posted by polobunny

As opposed to not making firefox remember your passwords.
I'm also opposed to storing passwords. If people remembered, didn't share and made complex passwords I'd be so much happier today. Being a comp tech ain't easy guys, I'm telling ya. =P

lol, we are arguing over the same opinion.

All this "guide" (if you where calling it that) was meant to do was make people aware that Firefox stores your passwords out in the open by default. They would only be compromised from someone who has physical access to your machine.

Lets establish one thing: you're Firefox master password is stored locally. It is used to encrypt all your other passwords. It could only be brute forced by someone who has physical access to your machine. You're web passwords however could be brute forced by anyone, anywhere.

Now here is a scenario. Lets say for all your web based passwords you use a DIFFERENT amazingly strong and long password. Say a random combination of 60 letters, numbers, and symbols. It would be nearly impossible to remember these, or for them to be brute forced in a reasonable amount of time. So your store them in Firefox, with a weaker but easier to remember password.

Option A:
Use a few, weaker passwords on the web which could be potentially be compromised from anywhere in the world.

Option B:
Store encrypted, different, and insane passwords for each site locally. If your machine is locked down by a good firewall and antivirus (which it should be anyway) these could only be compromised if someone had physical access to your machine.

Which sounds more secure?

PS to IE users. Don't store any passwords on IE under any circumstances. It stores them unencrypted in the registry.