Solved

Firefox Saved Passwords

Posted on 2013-06-24
8
567 Views
Last Modified: 2013-06-30
I want to know just how safe and secure is the Firefox saved passwords--can someone who know what they are doing get into this and get all the usernames and passwords? If this is not a close to 100% secure solution what would you recommend for storing passwords to websites? And what about IE's saved passwords security--any better or worse? Thank you.
0
Comment
Question by:Lionel MM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 3

Expert Comment

by:dheiert
ID: 39271509
Anyone who can access you account can surely get to them.  I am no expert, but it would probably be pretty easy to get them from another user account.  Roboform is decent but probably not that secure.
0
 
LVL 22

Assisted Solution

by:Haresh Nikumbh
Haresh Nikumbh earned 167 total points
ID: 39271546
I use lastpass

https://lastpass.com/
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 333 total points
ID: 39271590
I use lastpass too, problem with lastpass and all password managers are keyloggers.

Here are some details on firefox password security.

https://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html

When Master Passwords are in use, the data is encrypted using 3DES in CBC mode by default.  If you choose a good, strong master password, then this level of encryption should be fine.  3DES is rated to be good for general use through 2020.

You can make the stored password encryption FIPS 140-1 compliant by using an alternate security module.  See (in FireFox for Windows) “Tools > Options > Advanced > Encryption > Security Devices > Enable FIPS”.  This improves the encryption strength and makes it more difficult for guessing programs to open the encrypted passwords database.

However, if your Master Password is not well chosen, then a simple dictionary or variation attack may be able to discover it.

Tolomir
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39271635
There is no 100% safe way to store passwords on your computer, and there is no password manager that cannot be compromised.  if you are that concerned about password security you should storing them offline and entering them manually.  The few seconds saved with stored passwords could translate to weeks of misery if they are compromised.

Cd&
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39271680
I do use a master password and it is a combination of numbers, letters and special characters and 15 characters long. I will try lastpass and checkout FIPS--thanks.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 39271980
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39274470
Installed lastpass but don't like that you have to have an online account and that my passwords are stored online--seems to defeat the purpose of trying to keep my passwords secure. Also made the FIPS change--now each time I start firefox it makes me enter my password twice--is that right or did I do something wrong here?
0
 
LVL 27

Accepted Solution

by:
Tolomir earned 333 total points
ID: 39276406
I have the same issue with the password to be entered twice.

I also have issues to load websites at all, while in fips mode. In short don't like it.

Ok, here is the deal give keepass a try. http://keepass.info/ 

It allows you to keep passwords in a container (could be even stored on dropbox) that is fully encrypted. Keepass is free opensource software with a lot of features, like a password generator.

See for yourself:

http://keepass.info/features.html

Tolomir
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question