Home » Questions » Computers [ Ask a new question ]

How safe is Firefox password manager?

How safe is Firefox password manager?

I have been using the Firefox password manager for long time, but never checked/verified how secure it is.

Asked by: Guest | Views: 78
Total answers/comments: 5
Guest [Entry]

"The following post sums it up best from the luxsci.com blog

When Master Passwords are in use, the
data is encrypted using 3DES in CBC
mode by default. If you choose a
good, strong master password, then
this level of encryption should be
fine. 3DES is rated to be good for
general use through 2020.

You should be aware that there are
programs out there designed to crack
open the saved passwords. One such
program is FireMaster. If you do not
choose a strong Master Password, then
your encrypted database may be
susceptible to being broken into"
Guest [Entry]

"This is probably a biased personal opinion.

I feel that integrating password storage into any system that provides many other features weakens their security to the vulnerabilities possible in that system. Other parts of the combined system form the weaker links in the security chain. It also helps using a non-standard system (read the conclusion on this link).

To that end, I prefer storing them in a TrueCrypt encrypted file.

Some other discussions,

Holes Remain Open in Firefox Password Manager, July 20, 2007.
LastBit FireFox Password Recovery 1.0
I like the part about, ""Please note that only saved passwords will be shown by FireFox Password. If user has entered a password but has not saved it, the password will not be shown.""
Password Manager Shootout – eWallet vs. KeePass vs. LastPass, favors LastPass"
Guest [Entry]

There's a great online password manager called Clipperz. It's great for being able to access your passwords from any computer. You can also host the software on your own hosting provider. It's not as convenient as Firefox's password manager becuase you do have to log in to access your passwords but for the ability to have your passwords where ever there is an internet connection is really handy for me.
There's a great online password manager called Clipperz. It's great for being able to access your passwords from any computer. You can also host the software on your own hosting provider. It's not as convenient as Firefox's password manager becuase you do have to log in to access your passwords but for the ability to have your passwords where ever there is an internet connection is really handy for me.
Guest [Entry]

"I strongly recommend to use LastPass instead. Firefox password manager is better than nothing, but even with a master password, it's not really that secure.

If you also want to share your passwords across multiple browsers and PCs, give LastPass]a try as they really found a great and secure way to share your passwords, while keeping them safe.

They also explain their technology in detail, so you can check how exactly they are protecting the passwords. The only ""downside"": you have to use javascript, as they use it to encrypt and decrypt your passwords."
Guest [Entry]

"For those asking what is encrypted, passwords or also urls, the urls are not encrypted in none of the presented solutions.

The problem starts if the browser has been logged in to a site with the checkbox ""stay logged in"" selected on the site login form. The session stays open for days, even weeks. If the computer inherits malware the malware can just pop in into the site and do it's bad deeds.

To the other subject, I for one have also e.g. paypal password set in the firefox password manager. Now I'm just waiting for malware to empty my CC account. It propably hasn't happened as few others have their paypal/amazon password set in firefox."