SillyDog701

Message Centre 3.0

Skip to content

Revisiting Password Managing

For all tech/computer related or even internet related discussions not covered in other sections. Also iPad, iPhone, iPod, Surface and multimedia discussions.

Moderators: profman, Josh, Don_HH2K

Post a reply

Revisiting Password Managing

Postby James » Fri 23 Mar, 2012 5:27 pm

FF has a password manager which allows you to keep your passwords stored on your own computer in the browser and under a master password rather than in the cloud (i.e. Lastpass). Some might claim that this is a safer solution and for the time being let's consider it to be such.

My questions then would be:

- are the passwords stored in encrypted form in the Firefox browser?

- if the answer to the above is yes, then how would a manager like Roboform be any safer than Firefox, if we forget about additional things that Roboform offers such as form-fill?
UserAgent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0
James
User avatar
James
diamond member
diamond member
 
Posts: 2932
Joined: Sat 13 Jul, 2002 12:10 am
Top

Re: Revisiting Password Managing

Postby Antony » Fri 23 Mar, 2012 8:07 pm

James wrote:- are the passwords stored in encrypted form in the Firefox browser?
Yes.

According to this page, Mozilla's password manager is encrypted with 3DES in CBC mode.
I am not an expert on encryption, Don is. However Don is in his secret hiding mode still. Anyhow, I would guess that 3DES is not strong enough for Don.

James wrote:- if the answer to the above is yes, then how would a manager like Roboform be any safer than Firefox, if we forget about additional things that Roboform offers such as form-fill?

Well, someone summed it up nicely.
TechRepublic wrote:Because the Firefox password manager is part of Firefox, it could be regarded as one-stop shopping for security crackers and their malware. You would be better protected if you used a password manager external to the browser to save passwords; access the appropriate password in the password manager, then type or copy it into the site’s login form yourself. Still, in absence of a separate password manager, this is better than using the same password across multiple sites.


However, if you are super-secret (or paranoid) like Don, you probably won't trust a third party password manager, particularly the cloud version. It is quite likely that those cloud password managing services may have an agreement with Don's US Government, allowing Government to have back-door access.
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.28) Gecko/20120306 AlexaToolbar/alxf-2.14 Firefox/3.6.28
User avatar
Antony
diamond member
diamond member
 
Posts: 14926
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia
Top

Re: Revisiting Password Managing

Postby James » Fri 23 Mar, 2012 8:50 pm

You're a riot, Antony. Don will be so pleased. :D
UserAgent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0
James
User avatar
James
diamond member
diamond member
 
Posts: 2932
Joined: Sat 13 Jul, 2002 12:10 am
Top
Post a reply

Return to General Computing, Gadgets and Tech

Who is online

Registered users: Google [Bot]

Powered by phpBB © phpBB Group
support SillyDog701
[SillyDog701 home] [Netscape] [download NS] [MozInfo701] [MacCentre701] [Feedback] [Search] [Sitemap]
All messages posted in this forum do not necessarily represent SillyDog701. This forum is operated by Antony Shen. All rights reserved. Copyright Notice. Privacy Statement.		 get FirefoxMade on a Mac