Security Holes in Firefox Password Manager

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Oh Dear my new Facebook friend just stole my password!

Add-ons
'Secure Login' and 'NoScript' are recommended fixes.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

whoa, cheers for the heads up.

Just a quick question.
when you say your password was stolen, are referring to the pass for a particular website OR the master password for all your saved passwords.

cheers

 

It's just the password for the individual site - the security risk comes from how often a user uses the same password for any site they visit.

Do I have a unique pwd for every site? No.
But I often do use the same stupid password for all the sites that I think don't matter, (and very different pwds for the sites that do). Is that infallible? 100% not

[Saying I had my pwd stolen is journalistic licence - I wouldn't touch Facebook with a barge-pole....]

 

Er - I see nothing new here. I have Javascript off by default anyway. Sites that insist on it need to be *really* useful for me to bother.

Harry.

 

I do the same. Keep the same passwords for sites that don't matter and unique tough passwords for sites that do and I never ever save the passwords into the Firefox or IE.

 

OK - so you take the best advice you have been given, and use different passwords for different sites. And you don't save them into your browser...

Let's say, at a guess, you end up with 15 different password/login combinations and then you add a 16th, and start forgetting them because you can't remember any more...

Is there a sensible solution to this? Something a non-expert user might be able to get to grips with? What about password managing programs? How do I advise someone so that they don't end up really vulnerable or inconvenienced by too many passwords? Thing is, if it isn't a good solution, then no-one will bother, and they'll stay vulnerable...