Solved

Firefox Saved Passwords

Posted on 2013-06-24
8
569 Views
Last Modified: 2013-06-30
I want to know just how safe and secure is the Firefox saved passwords--can someone who know what they are doing get into this and get all the usernames and passwords? If this is not a close to 100% secure solution what would you recommend for storing passwords to websites? And what about IE's saved passwords security--any better or worse? Thank you.
0
Comment
Question by:Lionel MM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 3

Expert Comment

by:dheiert
ID: 39271509
Anyone who can access you account can surely get to them.  I am no expert, but it would probably be pretty easy to get them from another user account.  Roboform is decent but probably not that secure.
0
 
LVL 22

Assisted Solution

by:Haresh Nikumbh
Haresh Nikumbh earned 167 total points
ID: 39271546
I use lastpass

https://lastpass.com/
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 333 total points
ID: 39271590
I use lastpass too, problem with lastpass and all password managers are keyloggers.

Here are some details on firefox password security.

https://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html

When Master Passwords are in use, the data is encrypted using 3DES in CBC mode by default.  If you choose a good, strong master password, then this level of encryption should be fine.  3DES is rated to be good for general use through 2020.

You can make the stored password encryption FIPS 140-1 compliant by using an alternate security module.  See (in FireFox for Windows) “Tools > Options > Advanced > Encryption > Security Devices > Enable FIPS”.  This improves the encryption strength and makes it more difficult for guessing programs to open the encrypted passwords database.

However, if your Master Password is not well chosen, then a simple dictionary or variation attack may be able to discover it.

Tolomir
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39271635
There is no 100% safe way to store passwords on your computer, and there is no password manager that cannot be compromised.  if you are that concerned about password security you should storing them offline and entering them manually.  The few seconds saved with stored passwords could translate to weeks of misery if they are compromised.

Cd&
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39271680
I do use a master password and it is a combination of numbers, letters and special characters and 15 characters long. I will try lastpass and checkout FIPS--thanks.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 39271980
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39274470
Installed lastpass but don't like that you have to have an online account and that my passwords are stored online--seems to defeat the purpose of trying to keep my passwords secure. Also made the FIPS change--now each time I start firefox it makes me enter my password twice--is that right or did I do something wrong here?
0
 
LVL 27

Accepted Solution

by:
Tolomir earned 333 total points
ID: 39276406
I have the same issue with the password to be entered twice.

I also have issues to load websites at all, while in fips mode. In short don't like it.

Ok, here is the deal give keepass a try. http://keepass.info/ 

It allows you to keep passwords in a container (could be even stored on dropbox) that is fully encrypted. Keepass is free opensource software with a lot of features, like a password generator.

See for yourself:

http://keepass.info/features.html

Tolomir
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Here's a look at newsworthy articles and community happenings during the last month.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question