What is Digg?91 Comments
- LunchMoney, on 10/12/2007, -2/+14The master password is not forced by default. Which means that most people will not know about it or use it.
- droxy429, on 10/12/2007, -0/+10I've known this for quite some time and set a master password, however its not very obvious.
When enabling saved passwords, or the first time you click "remember" it should ask if you want to set a master password. Maybe in ff 2.0
Dugg, hopefully more firefox users will become aware and set a master password - vuzman, on 10/12/2007, -0/+8The master password is NOT set by default, and the average user will NOT set it by himself. I warn everyone I know that is using Firefox to set a master password. This is best achieved by showing them how I can look at all their saved passwords just by looking in the options-dialog(!).
I have also filed a bug-report on this, because this is a really, really stupid behavior to have as a default setting. - Portfolioso, on 10/12/2007, -5/+12I have been aware of this.
This is why you set the master password... - Kingy, on 10/12/2007, -1/+6hmm, that guy has 2 digg accounts.. one to digg his own comments/stories?
- zone, on 10/12/2007, -0/+5the passwords in that file look like encripted or something.
- cbdgr, on 10/12/2007, -2/+7YEah all nicely saved in "C:Documents and Settings[slash]Administrator[slash]Application Data[slash]Mozilla[slash]Firefox[slash]Profiles[slash]something.default[slash]signons.txt" for bugers to grab
- ddrirc, on 10/12/2007, -2/+7I always thought this was a feature. You have no idea how many times I've looked up my own password with that.
- nfollmer, on 10/12/2007, -1/+5yeah if you save your password, it should be pretty obvious that anyone who touches your computer could get it
- agimat, on 10/12/2007, -1/+5"Why are people flaming others about not knowing this?"
Because FF is so wonderful it must be the stupid users fault..
God forbid someone even hints that FF is not perfect. - x3n1, on 10/12/2007, -1/+5This should be more obvious to the n00bs out there, having a master password is a great feature, maybe a first time warning could be written?
OFN - chair, on 10/12/2007, -0/+4You've misunderstood. When it logs into a site for you it will show a bunch of asterisks. But if you go to Tools -> Options -> Privacy -> Passwords and click show passwords, it'll give you the actual passwords.
I wasn't aware of it until a while after i started using Firefox. I think it would be better to prompt for a master password when the first password is entered. Then require that password to show the entries, but not to just normally log in to a web site.
I think the current Firefox way assumes that your computer is secure, and you've already logged in to the OS. - tcissell, on 10/12/2007, -0/+3I've always considered this a great feature, and like others, use it on a regular basis to find my passwords. However, I would like the ability to search the URLs in the file - and it could use a bit more functionality (similar to KeePass would be wonderful - http://keepass.sourceforge.net/)
- Biker803, on 10/12/2007, -0/+3Known about this for a while... it's not hard to secure your passwords. As others have said though, make sure you set a master password! It doesn't matter so much if you'll be the only one who ever uses the computer, and it's a great feature to see what your password is if you forget it (and you would do that how since it's saved?), but this feature isn't heavily advertised... well, not at all, so I guess I'm not surprised half of you are all "oh my god..." about this.
- mediocreguy, on 10/12/2007, -2/+5Take out this 'feature', and people complain because they can't see them
Put it in, and people shout that it's a security violation.
Fx has done the right thing by putting in a master password. 2.0 should let users know upon the first time saving passwords that they should set one / present a dialog for it. Does 1.5 do this now? Correct me if I'm wrong, I may be.
I don't see this as much a hole as another way that Stupid User Syndrome can hurt a product.
Software is only as good as the user running it...we've known that for years. - BlueBoiks, on 10/12/2007, -0/+3Firefox does encrypt its passwords by default since 1.0 release I believe, without having to turn on Master Password, Thunderbird doesn't.
- cyssero, on 04/18/2009, -0/+3It's amazing how features that have been built into the program for quite some time now becomes news.
Though this one 'feature' can cause serious doubts about Firefox being the most secure browser, when the assailant is using the computer. - vuzman, on 10/12/2007, -0/+3@starwed: Yes, but there is a pretty friggin big difference between storing the passwords in an encrypted file and showing them in cleartext. Only a person with cracking skills can get to Opera's saved passwords, and while this may not be too hard, only very few people actually have the ability and tools to do this. EVERYONE can see Firefox's saved passwords with hardly any effort at all.
- vuzman, on 10/12/2007, -1/+4No they don't. They really should, however. Actually, they should force the user to set a master password, or disable this function. It really is a grave security issue.
- legendxx, on 10/12/2007, -0/+3So wait.. if I save my passwords with firefox so that anytime I view that page in firefox again.. it will automatically enter my password for me? Thats awesome...
But now you're telling me that anyone who can jump on my computer.. open the same firefox I use.. view the same pages I view.. and firefox will still enter the password for me? THATS OUTRAGEOUS! Firefox should know by some biometric fingerprint scan thats its not me actually typing in the url.. How can I be expected to use other basic security features when I have porn to look at and noobs to frag. - RompeRatones, on 10/12/2007, -1/+4BlueBolks's answer is right. Why bitch about firefox stored password? if you are paranoic-freak you dont even share your OS account with other local users
- loganz, on 10/12/2007, -0/+2i always knew this.. it saved me a bunch of times though when i forgot a password and needed to look it up... i have a master pw set, and i lock my computer when im not on it.. and the fact that i live alone, makes it a little safer for me
- oneoffmanmental, on 10/12/2007, -1/+3Saying this is a feature makes Mozilla apologists guilty of the same excuse Microsoft made for years.
Only now Microsoft is slowly switching to secure defaults. So should Mozilla.
PS: I'm not a Mozilla hater, I use Firefox all the time. - BlueBoiks, on 10/12/2007, -2/+4Now if you find some stupid JavaScript that exposes these passwords then I will care, but now I don't CARE. This is just some lame blogger looking to get some Google AdSense. DO NOT BE FOOLED!
- jasdev, on 10/12/2007, -1/+3Ive occasionally wondered if there was another techie person using my firefox he/she would know where the saved passwords are,but never really worried cos im the only who uses this computer. Now I know better, beats me how I missed the 'set master password' button.
Okay digg is informative, entertaining, and now very useful.
Dont stop asking important questions ! - Gargoyle, on 10/12/2007, -1/+3I am sure I remember a big warning box popup when I first told firefox to remember a password. Unless I am mistaken, this is exactly what the warning warns about?!?!
I can't get the warning box backup, so I am just trying to remember. - DaviDK, on 10/12/2007, -1/+3Sometimes you enter the wrong password and authorize the password manager to record that.
That way the automatic form will always be wrong, by viewing the log in names and passwords you can easily see that you made the mistake, delete the entry and try again.
You still have the master password, and if you want privacy and security your profile in windows will have a password, so this will never be accessible to other users. - SNACKeR, on 10/12/2007, -1/+3really disappointed that this is enabled by default :(
- inactive, on 10/12/2007, -4/+6Opera encrypts its Wand (stored passwords). Fx should fix that since they say its more secure than other browsers.
- sintaks, on 10/12/2007, -1/+3I would rather Firefox have an easy-to-use, easily-viewable password manager than the IE alternative, which saves all your passwords whether you authorize it or not.
For those of you still stuck on IE, download a copy of Cain ( http://www.oxid.it/cain.html ), and see all the information IE is saving without your permission.
Even if you click "Don't Remember"... IE is still remembering. Not fun. - SuperJdynamite, on 10/12/2007, -0/+2Most of the comments seem to gloss right over the necessary precondition for viewing your passwords, namely that "somebody has access" to your computer. I think getting root/administrator access to your computer should be a sufficiently high barrier that you don't need to worry about your Firefox passwords.
Also, in the Windows build, it would be nice if the developers used DPAPI instead of the master password to secure data at rest. - gbitten, on 10/12/2007, -1/+2Why is this story buried?
- inactive, on 10/12/2007, -0/+1Portuguese / Brazilian : http://www.htk.com.br/noticia.php?noticia=200
---------------------------------------------------
http://www.htk.com.br/ - TennBikeBerk, on 10/12/2007, -2/+3What about the fact you have to enter your password that you use for the software security device?
- inactive, on 10/12/2007, -2/+3Why are people flaming others about not knowing this?
It made the frontpage because enough people dugg it, here's something else...........there's a lot of people that don't know about this so it's worth them knowing. So please, stop with the flames, stop with the "i know" just move along children.
Your account password is ok, but what if you let someone on the computer for a moment without logging out.....which lots of people do.
THINK YOU WANNA BE GEEKS, THINK. - L.Jenkins, on 10/12/2007, -0/+1I just decided to test the average user: Went into the next room, jumped on my brother's CPU, found out he uses the same password for everything he does...and apparently so does my mom, who occasionally uses that CPU for her banking, etc.
Now the scary part is that my brother also lets his friends use that CPU at will, giving them access to my mom's bank account. Not an atypical situation for the average user I would think. Big problem. - xmido, on 09/05/2008, -0/+1i dont care about people who can crack the password. i just dont like the idea of how the passwords r just there for anyone to c. i am talking about family members and people who live with me. if i go to the bathroom. my bro could check all my passwords in less than a minute. The master password is inconvenient, it ask u for the master password each time u open the browser. so why the hell am i making firefox remember my passwords if i am going to type the master passwords each time. its defies its purpose. that y i am using opera as my primary browser and firefox as my secondary.
- vuzman, on 10/12/2007, -1/+2@gbitten: NO, the passwords in Opera are NOT available in cleartext.
- TheMule444, on 10/12/2007, -10/+11Dugg, because I hate the fact that the passwords are easily viewable in firefox.
- vuzman, on 10/12/2007, -0/+1It should be perfectly obvious that someone could crack an encrypted file on your hard drive, containing the passwords. However, it is NOT perfectly obvious that the passwords are available in CLEARTEXT to any user by default.
- levee, on 10/12/2007, -0/+1I like the ability to view my passwords (it's too easy to forget them), but I think it's time most of us implemented the master password rather than risk the inevitable!
- 511pf, on 10/12/2007, -0/+1Storing passwords in the browser is an extraordinarily bad idea. It's one thing if the password is locally viewable. Just wait until there's a browser expoit that steals your passwords by browsing to a web page. It's going to happen. Use a separate password storage utility.
- vuzman, on 10/12/2007, -1/+2People are NOT "too stupid to realize this". People are not told of this feature, they have to find out by going through the options dialog, and no other browser AFAIK has this behavior, so it perfectly reasonable to assume that the saved passwords are not free for everyone to see.
- vuzman, on 10/12/2007, -1/+2The problem with this is that it is insecure by default. That is a very stupid thing to do. Firefox should opt for security by default an not allow the storing and viewing of passwords without setting a master password.
- activiorel, on 10/12/2007, -0/+0I 've found an addon for export your password when you reinstall your OS, the name is Password Exporter, and you can find it here - https://addons.mozilla.org/firefox/addon/2848
Vio,
http://www.free-games.online-instant.com/ - belfastbiker, on 10/12/2007, -0/+0Thanks for the heads up. Didn't realise since reinstalling my PC that my firefox was wide open like that. Password WAS previously set on my last config.
- BlueBoiks, on 10/12/2007, -1/+1they are encrypted and then base64 encoded. The key to decrypt is stored in a file called key3.db if I remember correctly.
- Hoaas, on 05/13/2008, -0/+0Could still be a way to disable the viewing from firefox. I don't want to type a password every time I start my browser, neither do I want every person I let near my computer for 30 seconds have a chance to discover my passwords by accident.
90% of the people I know have no idea how to dig out passwords from files stored somewhere on the HDD, the remaining 10% can do far worse things towards me if they get access to my computer anyway. - asdfsquared, on 11/21/2007, -0/+0i want to see comments!
- JudgeDredd, on 10/12/2007, -1/+1For all to see? That is misleading. Sure you always go to "Tools" "Options," "Privacy, " "Passwords." to change the settings. What the heck are you talking about?
-
Show 51 - 88 of 88 discussions
Browsing Digg on your phone just got easier with our enhancements to the 
© Digg Inc. 2009
— Content created and posted by Digg users is