Beware of saving passwords in your browser

Keeper

Honorary Master
Joined
Mar 29, 2008
Messages
23,588
#2
Known this a long time, and when I wanted to post this info the thread was closed (facebook hacking thread)
Almost no people know this, and all their passwords are available for all to see.

There are even hacking utilities that will grab the passwords without even opening firefox, and save it to a txt file
(but i will not mention its name)
 

BGE

Expert Member
Joined
Oct 13, 2009
Messages
1,494
#3
Yip, saw this a while ago... IMHO a serious mistake from the Mozilla developers, the passwords should be stored in a 2-way HASH of some sort, but should never be readable via any options control panel!
 

Keeper

Honorary Master
Joined
Mar 29, 2008
Messages
23,588
#4
Yip, saw this a while ago... IMHO a serious mistake from the Mozilla developers, the passwords should be stored in a 2-way HASH of some sort, but should never be readable via any options control panel!
They are hashed on your pc in fact.
You just need to set a master password, and the control panel can't be opened by anyone.
 
Last edited:

mfumbesi

Expert Member
Joined
Aug 24, 2010
Messages
1,054
#5
Also known this for a while, I use a "master password", but more importantly..... I don't save bank passwords.
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,202
#6
Known this a long time, and when I wanted to post this info the thread was closed (facebook hacking thread)
Almost no people know this, and all their passwords are available for all to see.

There are even hacking utilities that will grab the passwords without even opening firefox, and save it to a txt file
(but i will not mention its name)
Do you need local access, or can this be done remotely?
 

Keeper

Honorary Master
Joined
Mar 29, 2008
Messages
23,588
#7
Do you need local access, or can this be done remotely?
It can be accessed from different user accounts, and even from different OS's (linux/etc)

You will need access to the system though - so if you can get that somehow, sure.


edit: actually, if you can copy a person's "Users" folder, you can do it.
 
Last edited:

Ripykin

Senior Member
Joined
May 6, 2011
Messages
725
#8
Thanks for the tip, master password set, i always wondered about how secure they were, i had them all in a little notebook, but what a nightmare to try locate a password, a complete mess.
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,202
#9
It can be accessed from different user accounts, and even from different OS's (linux/etc)

You will need access to the system though - so if you can get that somehow, sure.
Then it's not that critical.

Put a password on your BIOS, make sure that USB keys aren't bootable, and that the HDD boots first before the CDRom/others.

With some laptop BIOSes you can put a password on the HDD, making it unreadable, even if removed and placed in an USB enclosure. :cool: :D
 
Joined
Aug 22, 2003
Messages
19,809
#11
Yip, saw this a while ago... IMHO a serious mistake from the Mozilla developers, the passwords should be stored in a 2-way HASH of some sort, but should never be readable via any options control panel!
They are hashed on your pc in fact.
You just need to set a master password, and the control panel can't be opened by anyone.
There is no such thing as a 2-way HASH. A HASH is specifically meant to be "one way". What you guys are referring to is encryption. And sad to say, where there is a will there's a way, so even if they spend a good chunk of their budget on cryptography, somewhere out there is a brilliant piece of mind that will crack it eventually.
 

Keeper

Honorary Master
Joined
Mar 29, 2008
Messages
23,588
#13
There is no such thing as a 2-way HASH. A HASH is specifically meant to be "one way". What you guys are referring to is encryption. And sad to say, where there is a will there's a way, so even if they spend a good chunk of their budget on cryptography, somewhere out there is a brilliant piece of mind that will crack it eventually.
afaik there are plenty of ciphers out there that havent been cracked yet.
 
F

Fudzy

Guest
#15
I'd give lastpass a go but i'm still skeptical about storing passwords to my financial institutions or e-filling for that matter.
Yeah me too though from a hacking point of view would a site like lastpass be more at risk than your home system infected with a keylogger?
 

Cat011

Well-Known Member
Joined
Aug 21, 2006
Messages
171
#20
The free version of lastpass is great but I paid the few bucks for the pro version.
It really is brilliant. I just don't save any critical passwords in it, and the important ones require a password confirmation if I leave my machine unlocked.

It has a random password generator built in, so you can have really cryptic passwords and it remembers them all for you.

It also lets you save form data like your phone number and email address etc and you can allow it to populate web forms on your behalf, saving you typing the same stuff out over and over.
 
Top