Firefox Users – Read this Now to Protect Your Passwords!

By On 7 September 2008 · Leave a Comment

Firefox Security - Your Passwords Are at Risk!

Following my piece about Google Chrome making password information visible to users (Oh Sh*t – Google Chrome Doesn’t Really do THAT?!) – I got several messages from people who were more worried about my observation that Firefox does the same.

The problem was that anyone using your PC could view a list of all usernames and passwords that you asked Firefox to remember – not asterisks: the actual passwords are visible to anyone. And because users tend to use the same passwords, it was exposing you to potentially disastrous consequences (e.g. your bank account being compromised), not to mention to the risk of various trojans and viruses getting hold of this information.

As David M. quite helpfully observed in his note to me:With Firefox you can set a master password (right where you view the passwords in the Options page). This will require Firefox to ask you for a password the first time you use any of the saved password. It will also require this password in order to show all saved passwords. While not perfect, this can be a good solution. My problem with it is that until I read your email I was not aware of it, and so my computer has been exposed to the problem.

Like me, David didn’t realise that the default in Firefox is that passwords are exposed unless you set a master password – and he’s a much more qualified geek than I am.

Some people might say that if the feature is there, it solves the problem, but in my mind, if the software doesn’t show you that the feature exists, in a way that is instinctively findable, then it is a design flaw, and as such is also a security flaw.

To summarise the findings in this Sunday pre-lunch post:

1. Firefox makes all your passwords visible to anyone who uses your PC, by default.

2. You can disable this option by setting a master password in the Options page.

3. Most people don’t know this, so even hardened Firefox users are at risk.

4. Google Chrome doesn’t actually have a master password option, so there’s a fundamental flaw in Chrome that compromises your passwords (more here).

5. Thanks to those who have written in!

Now go set a master password on your Firefox: Tools –> Options –> Security Tab –> Use Master Password.

 
If you enjoyed this article, please consider sharing it!
Reddit Facebook Twitter Delicious Digg

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Please leave these two fields as-is:
Set your Twitter account name in your settings to use the TwitterBar Section.