1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security Holes in Firefox Password Manager

Discussion in 'Computer Security' started by MacAllan, Jul 22, 2007.

  1. MacAllan

    MacAllan Byte Poster

    249
    6
    30

    Oh Dear
    my new Facebook friend just stole my password!

    Add-ons
    'Secure Login'
    and 'NoScript' are recommended fixes.
     
    Certifications: A+, N+, CCNA
    WIP: CCNP, Linux+
  2. VantageIsle

    VantageIsle Kilobyte Poster

    446
    8
    49
    whoa, cheers for the heads up.

    Just a quick question.
    when you say your password was stolen, are referring to the pass for a particular website OR the master password for all your saved passwords.

    cheers
     
    Certifications: A+, ITIL V3, MCSA, MCITP:EST, CCENT, 70-432-SQL, 70-401 SCCM
    WIP: MCSA upgrade MCITP:SA then EA
  3. MacAllan

    MacAllan Byte Poster

    249
    6
    30
    It's just the password for the individual site - the security risk comes from how often a user uses the same password for any site they visit.

    Do I have a unique pwd for every site? No.
    But I often do use the same stupid password for all the sites that I think don't matter, (and very different pwds for the sites that do). Is that infallible? 100% not :rolleyes:

    [Saying I had my pwd stolen is journalistic licence - I wouldn't touch Facebook with a barge-pole....]
     
    Certifications: A+, N+, CCNA
    WIP: CCNP, Linux+
  4. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    Er - I see nothing new here. I have Javascript off by default anyway. Sites that insist on it need to be *really* useful for me to bother. :biggrin

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  5. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196

    I do the same. Keep the same passwords for sites that don't matter and unique tough passwords for sites that do and I never ever save the passwords into the Firefox or IE.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  6. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    Yup same here, never, eversve passwords for anything in FF or IE or anything to be honest.
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  7. shambles

    shambles Guest

    OK - so you take the best advice you have been given, and use different passwords for different sites. And you don't save them into your browser...

    Let's say, at a guess, you end up with 15 different password/login combinations and then you add a 16th, and start forgetting them because you can't remember any more...

    Is there a sensible solution to this? Something a non-expert user might be able to get to grips with? What about password managing programs? How do I advise someone so that they don't end up really vulnerable or inconvenienced by too many passwords? Thing is, if it isn't a good solution, then no-one will bother, and they'll stay vulnerable...
     

Share This Page

Loading...