1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security Holes in Firefox Password Manager

Discussion in 'Computer Security' started by MacAllan, Jul 22, 2007.

  1. MacAllan

    MacAllan Byte Poster


    Oh Dear
    my new Facebook friend just stole my password!

    'Secure Login'
    and 'NoScript' are recommended fixes.
    Certifications: A+, N+, CCNA
    WIP: CCNP, Linux+
  2. VantageIsle

    VantageIsle Kilobyte Poster

    whoa, cheers for the heads up.

    Just a quick question.
    when you say your password was stolen, are referring to the pass for a particular website OR the master password for all your saved passwords.

    Certifications: A+, ITIL V3, MCSA, MCITP:EST, CCENT, 70-432-SQL, 70-401 SCCM
    WIP: MCSA upgrade MCITP:SA then EA
  3. MacAllan

    MacAllan Byte Poster

    It's just the password for the individual site - the security risk comes from how often a user uses the same password for any site they visit.

    Do I have a unique pwd for every site? No.
    But I often do use the same stupid password for all the sites that I think don't matter, (and very different pwds for the sites that do). Is that infallible? 100% not :rolleyes:

    [Saying I had my pwd stolen is journalistic licence - I wouldn't touch Facebook with a barge-pole....]
    Certifications: A+, N+, CCNA
    WIP: CCNP, Linux+
  4. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    Er - I see nothing new here. I have Javascript off by default anyway. Sites that insist on it need to be *really* useful for me to bother. :biggrin

    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  5. Theprof

    Theprof Petabyte Poster Premium Member


    I do the same. Keep the same passwords for sites that don't matter and unique tough passwords for sites that do and I never ever save the passwords into the Firefox or IE.
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
  6. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    Yup same here, never, eversve passwords for anything in FF or IE or anything to be honest.
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  7. shambles

    shambles Guest

    OK - so you take the best advice you have been given, and use different passwords for different sites. And you don't save them into your browser...

    Let's say, at a guess, you end up with 15 different password/login combinations and then you add a 16th, and start forgetting them because you can't remember any more...

    Is there a sensible solution to this? Something a non-expert user might be able to get to grips with? What about password managing programs? How do I advise someone so that they don't end up really vulnerable or inconvenienced by too many passwords? Thing is, if it isn't a good solution, then no-one will bother, and they'll stay vulnerable...

Share This Page