Solved

Firefox Saved Passwords

Posted on 2013-06-24
8
552 Views
Last Modified: 2013-06-30
I want to know just how safe and secure is the Firefox saved passwords--can someone who know what they are doing get into this and get all the usernames and passwords? If this is not a close to 100% secure solution what would you recommend for storing passwords to websites? And what about IE's saved passwords security--any better or worse? Thank you.
0
Comment
Question by:lionelmm
8 Comments
 
LVL 3

Expert Comment

by:dheiert
Comment Utility
Anyone who can access you account can surely get to them.  I am no expert, but it would probably be pretty easy to get them from another user account.  Roboform is decent but probably not that secure.
0
 
LVL 21

Assisted Solution

by:Haresh Nikumbh
Haresh Nikumbh earned 167 total points
Comment Utility
I use lastpass

https://lastpass.com/
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 333 total points
Comment Utility
I use lastpass too, problem with lastpass and all password managers are keyloggers.

Here are some details on firefox password security.

https://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html

When Master Passwords are in use, the data is encrypted using 3DES in CBC mode by default.  If you choose a good, strong master password, then this level of encryption should be fine.  3DES is rated to be good for general use through 2020.

You can make the stored password encryption FIPS 140-1 compliant by using an alternate security module.  See (in FireFox for Windows) “Tools > Options > Advanced > Encryption > Security Devices > Enable FIPS”.  This improves the encryption strength and makes it more difficult for guessing programs to open the encrypted passwords database.

However, if your Master Password is not well chosen, then a simple dictionary or variation attack may be able to discover it.

Tolomir
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
Comment Utility
There is no 100% safe way to store passwords on your computer, and there is no password manager that cannot be compromised.  if you are that concerned about password security you should storing them offline and entering them manually.  The few seconds saved with stored passwords could translate to weeks of misery if they are compromised.

Cd&
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 24

Author Comment

by:lionelmm
Comment Utility
I do use a master password and it is a combination of numbers, letters and special characters and 15 characters long. I will try lastpass and checkout FIPS--thanks.
0
 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
0
 
LVL 24

Author Comment

by:lionelmm
Comment Utility
Installed lastpass but don't like that you have to have an online account and that my passwords are stored online--seems to defeat the purpose of trying to keep my passwords secure. Also made the FIPS change--now each time I start firefox it makes me enter my password twice--is that right or did I do something wrong here?
0
 
LVL 27

Accepted Solution

by:
Tolomir earned 333 total points
Comment Utility
I have the same issue with the password to be entered twice.

I also have issues to load websites at all, while in fips mode. In short don't like it.

Ok, here is the deal give keepass a try. http://keepass.info/

It allows you to keep passwords in a container (could be even stored on dropbox) that is fully encrypted. Keepass is free opensource software with a lot of features, like a password generator.

See for yourself:

http://keepass.info/features.html

Tolomir
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now