Beware of saving passwords in your browser

[jes]

Beware of saving passwords in your browser

It is surprisingly easy for someone to get all your saved passwords from your Firefox browser

 

[Keeper]

Known this a long time, and when I wanted to post this info the thread was closed (facebook hacking thread)
Almost no people know this, and all their passwords are available for all to see.

There are even hacking utilities that will grab the passwords without even opening firefox, and save it to a txt file
(but i will not mention its name)

 

[BGE]

Yip, saw this a while ago... IMHO a serious mistake from the Mozilla developers, the passwords should be stored in a 2-way HASH of some sort, but should never be readable via any options control panel!

 

[Keeper]

Yip, saw this a while ago... IMHO a serious mistake from the Mozilla developers, the passwords should be stored in a 2-way HASH of some sort, but should never be readable via any options control panel!

They are hashed on your pc in fact.
You just need to set a master password, and the control panel can't be opened by anyone.

 

[mfumbesi]

Also known this for a while, I use a "master password", but more importantly..... I don't save bank passwords.

 

[The_Unbeliever]

Known this a long time, and when I wanted to post this info the thread was closed (facebook hacking thread)
Almost no people know this, and all their passwords are available for all to see.

There are even hacking utilities that will grab the passwords without even opening firefox, and save it to a txt file
(but i will not mention its name)

Do you need local access, or can this be done remotely?

 

[Keeper]

Do you need local access, or can this be done remotely?

It can be accessed from different user accounts, and even from different OS's (linux/etc)

You will need access to the system though - so if you can get that somehow, sure.


edit: actually, if you can copy a person's "Users" folder, you can do it.

 

[Ripykin]

Thanks for the tip, master password set, i always wondered about how secure they were, i had them all in a little notebook, but what a nightmare to try locate a password, a complete mess.

 

[The_Unbeliever]

It can be accessed from different user accounts, and even from different OS's (linux/etc)

You will need access to the system though - so if you can get that somehow, sure.

Then it's not that critical.

Put a password on your BIOS, make sure that USB keys aren't bootable, and that the HDD boots first before the CDRom/others.

With some laptop BIOSes you can put a password on the HDD, making it unreadable, even if removed and placed in an USB enclosure.

 

[Keeper]

it is pretty critical if you ask me but I won't go into all that...

 

[guest2013-1]

Yip, saw this a while ago... IMHO a serious mistake from the Mozilla developers, the passwords should be stored in a 2-way HASH of some sort, but should never be readable via any options control panel!

They are hashed on your pc in fact.
You just need to set a master password, and the control panel can't be opened by anyone.

There is no such thing as a 2-way HASH. A HASH is specifically meant to be "one way". What you guys are referring to is encryption. And sad to say, where there is a will there's a way, so even if they spend a good chunk of their budget on cryptography, somewhere out there is a brilliant piece of mind that will crack it eventually.

 

[Fudzy]

Anyone here use LastPass? Friend of mine suggested it but I'm a bit wary of putting all my eggs in one basket.

https://lastpass.com/

 

[Keeper]

There is no such thing as a 2-way HASH. A HASH is specifically meant to be "one way". What you guys are referring to is encryption. And sad to say, where there is a will there's a way, so even if they spend a good chunk of their budget on cryptography, somewhere out there is a brilliant piece of mind that will crack it eventually.

afaik there are plenty of ciphers out there that havent been cracked yet.

 

[siraman]

Anyone here use LastPass? Friend of mine suggested it but I'm a bit wary of putting all my eggs in one basket.

https://lastpass.com/

I'd give lastpass a go but i'm still skeptical about storing passwords to my financial institutions or e-filling for that matter.

 

[Fudzy]

I'd give lastpass a go but i'm still skeptical about storing passwords to my financial institutions or e-filling for that matter.

Yeah me too though from a hacking point of view would a site like lastpass be more at risk than your home system infected with a keylogger?

 

[panayi]

I use FreePass - has a master password and you can easily copy - paste to the password block....

 

[LazyLion]

Anyone here use LastPass? Friend of mine suggested it but I'm a bit wary of putting all my eggs in one basket.
https://lastpass.com/

+1 ... I was going to post that! Problem Solved... and then your passwords are accessible to you from anywhere with one master password.

 

[_TrXtR_]

Old news for old people?

A whole article? Dedicated to this? Wow! I want this job

 

[Cicero]

Also can access your passwords in Chrome

 

[Cat011]

The free version of lastpass is great but I paid the few bucks for the pro version.
It really is brilliant. I just don't save any critical passwords in it, and the important ones require a password confirmation if I leave my machine unlocked.

It has a random password generator built in, so you can have really cryptic passwords and it remembers them all for you.

It also lets you save form data like your phone number and email address etc and you can allow it to populate web forms on your behalf, saving you typing the same stuff out over and over.