Firefox Saved Passwords

I want to know just how safe and secure is the Firefox saved passwords--can someone who know what they are doing get into this and get all the usernames and passwords? If this is not a close to 100% secure solution what would you recommend for storing passwords to websites? And what about IE's saved passwords security--any better or worse? Thank you.
LVL 26
Lionel MMSmall Business IT ConsultantAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

TolomirConnect With a Mentor AdministratorCommented:
I have the same issue with the password to be entered twice.

I also have issues to load websites at all, while in fips mode. In short don't like it.

Ok, here is the deal give keepass a try. 

It allows you to keep passwords in a container (could be even stored on dropbox) that is fully encrypted. Keepass is free opensource software with a lot of features, like a password generator.

See for yourself:

Anyone who can access you account can surely get to them.  I am no expert, but it would probably be pretty easy to get them from another user account.  Roboform is decent but probably not that secure.
Haresh NikumbhConnect With a Mentor Sr. Tech leadCommented:
I use lastpass
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

TolomirConnect With a Mentor AdministratorCommented:
I use lastpass too, problem with lastpass and all password managers are keyloggers.

Here are some details on firefox password security.

When Master Passwords are in use, the data is encrypted using 3DES in CBC mode by default.  If you choose a good, strong master password, then this level of encryption should be fine.  3DES is rated to be good for general use through 2020.

You can make the stored password encryption FIPS 140-1 compliant by using an alternate security module.  See (in FireFox for Windows) “Tools > Options > Advanced > Encryption > Security Devices > Enable FIPS”.  This improves the encryption strength and makes it more difficult for guessing programs to open the encrypted passwords database.

However, if your Master Password is not well chosen, then a simple dictionary or variation attack may be able to discover it.

There is no 100% safe way to store passwords on your computer, and there is no password manager that cannot be compromised.  if you are that concerned about password security you should storing them offline and entering them manually.  The few seconds saved with stored passwords could translate to weeks of misery if they are compromised.

Lionel MMSmall Business IT ConsultantAuthor Commented:
I do use a master password and it is a combination of numbers, letters and special characters and 15 characters long. I will try lastpass and checkout FIPS--thanks.
Lionel MMSmall Business IT ConsultantAuthor Commented:
Installed lastpass but don't like that you have to have an online account and that my passwords are stored online--seems to defeat the purpose of trying to keep my passwords secure. Also made the FIPS change--now each time I start firefox it makes me enter my password twice--is that right or did I do something wrong here?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.