Beware of saving passwords in your browser

Keeper

Honorary Master
Joined
Mar 29, 2008
Messages
23,616
Known this a long time, and when I wanted to post this info the thread was closed (facebook hacking thread)
Almost no people know this, and all their passwords are available for all to see.

There are even hacking utilities that will grab the passwords without even opening firefox, and save it to a txt file
(but i will not mention its name)
 

BGE

Expert Member
Joined
Oct 13, 2009
Messages
1,494
Yip, saw this a while ago... IMHO a serious mistake from the Mozilla developers, the passwords should be stored in a 2-way HASH of some sort, but should never be readable via any options control panel!
 

Keeper

Honorary Master
Joined
Mar 29, 2008
Messages
23,616
Yip, saw this a while ago... IMHO a serious mistake from the Mozilla developers, the passwords should be stored in a 2-way HASH of some sort, but should never be readable via any options control panel!

They are hashed on your pc in fact.
You just need to set a master password, and the control panel can't be opened by anyone.
 
Last edited:

mfumbesi

Expert Member
Joined
Aug 24, 2010
Messages
1,137
Also known this for a while, I use a "master password", but more importantly..... I don't save bank passwords.
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,197
Known this a long time, and when I wanted to post this info the thread was closed (facebook hacking thread)
Almost no people know this, and all their passwords are available for all to see.

There are even hacking utilities that will grab the passwords without even opening firefox, and save it to a txt file
(but i will not mention its name)

Do you need local access, or can this be done remotely?
 

Keeper

Honorary Master
Joined
Mar 29, 2008
Messages
23,616
Do you need local access, or can this be done remotely?

It can be accessed from different user accounts, and even from different OS's (linux/etc)

You will need access to the system though - so if you can get that somehow, sure.


edit: actually, if you can copy a person's "Users" folder, you can do it.
 
Last edited:

Ripykin

Senior Member
Joined
May 6, 2011
Messages
725
Thanks for the tip, master password set, i always wondered about how secure they were, i had them all in a little notebook, but what a nightmare to try locate a password, a complete mess.
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,197
It can be accessed from different user accounts, and even from different OS's (linux/etc)

You will need access to the system though - so if you can get that somehow, sure.

Then it's not that critical.

Put a password on your BIOS, make sure that USB keys aren't bootable, and that the HDD boots first before the CDRom/others.

With some laptop BIOSes you can put a password on the HDD, making it unreadable, even if removed and placed in an USB enclosure. :cool: :D
 

Keeper

Honorary Master
Joined
Mar 29, 2008
Messages
23,616
it is pretty critical if you ask me :whistling: but I won't go into all that...
 

guest2013-1

guest
Joined
Aug 22, 2003
Messages
19,800
Yip, saw this a while ago... IMHO a serious mistake from the Mozilla developers, the passwords should be stored in a 2-way HASH of some sort, but should never be readable via any options control panel!

They are hashed on your pc in fact.
You just need to set a master password, and the control panel can't be opened by anyone.

There is no such thing as a 2-way HASH. A HASH is specifically meant to be "one way". What you guys are referring to is encryption. And sad to say, where there is a will there's a way, so even if they spend a good chunk of their budget on cryptography, somewhere out there is a brilliant piece of mind that will crack it eventually.
 

Keeper

Honorary Master
Joined
Mar 29, 2008
Messages
23,616
There is no such thing as a 2-way HASH. A HASH is specifically meant to be "one way". What you guys are referring to is encryption. And sad to say, where there is a will there's a way, so even if they spend a good chunk of their budget on cryptography, somewhere out there is a brilliant piece of mind that will crack it eventually.

afaik there are plenty of ciphers out there that havent been cracked yet.
 
F

Fudzy

Guest
I'd give lastpass a go but i'm still skeptical about storing passwords to my financial institutions or e-filling for that matter.

Yeah me too though from a hacking point of view would a site like lastpass be more at risk than your home system infected with a keylogger?
 

panayi

Well-Known Member
Joined
Feb 1, 2011
Messages
358
I use FreePass - has a master password and you can easily copy - paste to the password block....
 

_TrXtR_

Expert Member
Joined
Jul 11, 2006
Messages
1,379
Old news for old people?

A whole article? Dedicated to this? Wow! I want this job
 

Cat011

Well-Known Member
Joined
Aug 21, 2006
Messages
171
The free version of lastpass is great but I paid the few bucks for the pro version.
It really is brilliant. I just don't save any critical passwords in it, and the important ones require a password confirmation if I leave my machine unlocked.

It has a random password generator built in, so you can have really cryptic passwords and it remembers them all for you.

It also lets you save form data like your phone number and email address etc and you can allow it to populate web forms on your behalf, saving you typing the same stuff out over and over.
 
Top