It's also great that I don't even have to enable this feature, it just prompts me to start storing passwords after I start using Firefox for the first time! Firefox is great! So lets just assume that the 2nd most popular web browser is appropriately handling this extremely sensitive data.
Or should we...?
How simple could it be for someone to get access to these stored passwords...? As it turns out, using Firefox's default settings (Which I'm sure MOST people are), it's EXTREMELY easy.
All a person needs to do to gain access to your stored passwords in Firefox, assuming that they have a moment's access to your workstation is to perform the following steps...
- Click on Tools
- Select Options
- Click the Security Tab
- Click Saved Passwords
- Click Show Passwords
This, in my humble opinion, is a huge security flaw in Firefox and I'm blown away by how easy it is for people to unknowingly expose their user names and password to anyone with a few seconds access to their browser...
Posting this information is a double edged sword. On one hand, it alerts potentially "malicious users" to a way to gain access to your passwords. That is not my intentions. On the other hand, getting this information out to as many people as I can (and please help me ein this effort) should allow you to protect yourself from this vulnerability.
So, how can I protect myself?
In Firefox
- Disable the "Remember password for sites" feature or Setup the "Use a master password" feature in Firefox! These can both be setup in the same place as the "Show Passwords" option listed above!
- Always lock your workstation when you walk away from it. I never assume that I can trust anyone with free access to my workstation, and I recommend that you do the same!
1 comment:
Thanks Mr. Fox! :-P
Post a Comment