I have my computer memorize my passwords for non-sensitive sites (blogs, newspapers). However, for stuff like my bank and Yahoo webmail I don't save those and type them every time.
Posted by: David at December 25, 2009 12:12 PM
Firefox uses the RC4 algorithm to encrypt the password file. Brute force attack using the known cracker will take years to crack if the master password is a long passphrase. After all, brute force can be used to attempt cracking even Roboform. So, in theory nothing is safe, but practically speaking the FF master password system is adequately secure.
Posted by: Cyber_100 at December 26, 2009 1:34 AM
There is a nice Firefox addon called LastPass that will save your passwords for you. Everything is stored in the "cloud" and not on your machine. You just log into your LastPass account with a password of your choice and they take care of filling in usernames and passwords. As an added feature, LastPass also handles form filling and supports multiple profiles.
That's putting a lot of trust in that service and in "the cloud". Personally, I would not.
30-Dec-2009
Posted by: Jason at December 29, 2009 8:28 AM
Don't forget the Quick Dial Syndrome. Not using your passwords all the time means you will forget them when you have to enter them manually again!
Posted by: Dan at December 29, 2009 8:36 AM
hello leo. thank you for the information. my next question is now do we burn things on the computer. i wish you a happy new year.
Posted by: mona georgetti at December 29, 2009 11:50 AM
Well, I feel motivated to do something more about password security... but I'm not sure what? Maybe get a small flash drive and install Roboform on it?
Posted by: Greg McDonald at December 29, 2009 3:29 PM
I keep passwords in an Excel file and password protect that file. They are always with me and I understand that this is very hard to crack and gain entry to the file.
Posted by: Ralph Cosh at December 30, 2009 6:31 PM
amherst college says to lock your computer...will that make it safe?
xp/vista...windows-key+l or options+l....seems to me if you can lock it, a few folks know how
to unlock it and help themselves? tu for your
hard work...
By having the browser remember one's password does not seem all that secure. I'm OK with typing in the password each and every time. However, when one uses a computer at work or in some public places, there is always the risk of key loggers being installed in the computers. So, which method would be better for privacy and security.
Use good security measures on your own computer, and don't visit sites where you need to enter your password on computers you can't trust.
05-Jan-2010
Posted by: v w at January 4, 2010 8:57 PM
Leo,
You could enable FIPs encryption in Firefox. It is little known that FIPs is standard on Firefox and can be enabled under advanced options and under encryption devices. Cracking a master password with FIPs enabled and a salt is virtually impossible.
TrueCrypt can't be recommended as none of its encryption techniques has ever been verified since the creators are anonymous. Lately they have been deleting posts criticizing any faults in the program, which is disturbing.
Comments
Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.
I have my computer memorize my passwords for non-sensitive sites (blogs, newspapers). However, for stuff like my bank and Yahoo webmail I don't save those and type them every time.
Posted by: David at December 25, 2009 12:12 PMFirefox uses the RC4 algorithm to encrypt the password file. Brute force attack using the known cracker will take years to crack if the master password is a long passphrase. After all, brute force can be used to attempt cracking even Roboform. So, in theory nothing is safe, but practically speaking the FF master password system is adequately secure.
Posted by: Cyber_100 at December 26, 2009 1:34 AMThere is a nice Firefox addon called LastPass that will save your passwords for you. Everything is stored in the "cloud" and not on your machine. You just log into your LastPass account with a password of your choice and they take care of filling in usernames and passwords. As an added feature, LastPass also handles form filling and supports multiple profiles.
30-Dec-2009
Posted by: Jason at December 29, 2009 8:28 AM
Don't forget the Quick Dial Syndrome. Not using your passwords all the time means you will forget them when you have to enter them manually again!
Posted by: Dan at December 29, 2009 8:36 AMhello leo. thank you for the information. my next question is now do we burn things on the computer. i wish you a happy new year.
Posted by: mona georgetti at December 29, 2009 11:50 AMWell, I feel motivated to do something more about password security... but I'm not sure what? Maybe get a small flash drive and install Roboform on it?
Posted by: Greg McDonald at December 29, 2009 3:29 PMI keep passwords in an Excel file and password protect that file. They are always with me and I understand that this is very hard to crack and gain entry to the file.
Posted by: Ralph Cosh at December 30, 2009 6:31 PMamherst college says to lock your computer...will that make it safe?
xp/vista...windows-key+l or options+l....seems to me if you can lock it, a few folks know how
to unlock it and help themselves? tu for your
hard work...
01-Jan-2010
Posted by: rew at December 31, 2009 2:04 PM
By having the browser remember one's password does not seem all that secure. I'm OK with typing in the password each and every time. However, when one uses a computer at work or in some public places, there is always the risk of key loggers being installed in the computers. So, which method would be better for privacy and security.
05-Jan-2010
Posted by: v w at January 4, 2010 8:57 PM
Leo,
You could enable FIPs encryption in Firefox. It is little known that FIPs is standard on Firefox and can be enabled under advanced options and under encryption devices. Cracking a master password with FIPs enabled and a salt is virtually impossible.
TrueCrypt can't be recommended as none of its encryption techniques has ever been verified since the creators are anonymous. Lately they have been deleting posts criticizing any faults in the program, which is disturbing.
Posted by: Will at March 9, 2010 8:29 PMTo post a comment on "Is it safe to let my browser remember passwords?", please return to that article's main page.