Firefox Saved Passwords

I want to know just how safe and secure is the Firefox saved passwords--can someone who know what they are doing get into this and get all the usernames and passwords? If this is not a close to 100% secure solution what would you recommend for storing passwords to websites? And what about IE's saved passwords security--any better or worse? Thank you.
LVL 26
Lionel MMSmall Business IT ConsultantAsked:
Who is Participating?
 
TolomirConnect With a Mentor AdministratorCommented:
I have the same issue with the password to be entered twice.

I also have issues to load websites at all, while in fips mode. In short don't like it.

Ok, here is the deal give keepass a try. http://keepass.info/ 

It allows you to keep passwords in a container (could be even stored on dropbox) that is fully encrypted. Keepass is free opensource software with a lot of features, like a password generator.

See for yourself:

http://keepass.info/features.html

Tolomir
0
 
dheiertCommented:
Anyone who can access you account can surely get to them.  I am no expert, but it would probably be pretty easy to get them from another user account.  Roboform is decent but probably not that secure.
0
 
Haresh NikumbhConnect With a Mentor Sr. Tech leadCommented:
I use lastpass

https://lastpass.com/
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
TolomirConnect With a Mentor AdministratorCommented:
I use lastpass too, problem with lastpass and all password managers are keyloggers.

Here are some details on firefox password security.

https://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html

When Master Passwords are in use, the data is encrypted using 3DES in CBC mode by default.  If you choose a good, strong master password, then this level of encryption should be fine.  3DES is rated to be good for general use through 2020.

You can make the stored password encryption FIPS 140-1 compliant by using an alternate security module.  See (in FireFox for Windows) “Tools > Options > Advanced > Encryption > Security Devices > Enable FIPS”.  This improves the encryption strength and makes it more difficult for guessing programs to open the encrypted passwords database.

However, if your Master Password is not well chosen, then a simple dictionary or variation attack may be able to discover it.

Tolomir
0
 
COBOLdinosaurCommented:
There is no 100% safe way to store passwords on your computer, and there is no password manager that cannot be compromised.  if you are that concerned about password security you should storing them offline and entering them manually.  The few seconds saved with stored passwords could translate to weeks of misery if they are compromised.

Cd&
0
 
Lionel MMSmall Business IT ConsultantAuthor Commented:
I do use a master password and it is a combination of numbers, letters and special characters and 15 characters long. I will try lastpass and checkout FIPS--thanks.
0
 
TolomirAdministratorCommented:
0
 
Lionel MMSmall Business IT ConsultantAuthor Commented:
Installed lastpass but don't like that you have to have an online account and that my passwords are stored online--seems to defeat the purpose of trying to keep my passwords secure. Also made the FIPS change--now each time I start firefox it makes me enter my password twice--is that right or did I do something wrong here?
0
All Courses

From novice to tech pro — start learning today.