Make sure you set a master password in Firefox
I consider the Firefox Master Password a must-set security feature of the web browser if you are using Firefox's built-in password manager to save usernames and passwords.
While that is very comfortable to do, as you do not need to memorize passwords anymore to log in to websites and do not need to type the data manually anymore as well, it is also a security risk if you do not set a master password as anyone with access to your computer may access the password database or log in to sites.
Anyone with access to your computer is able to go into Alt-Key -> Tools > Options and click on Show Passwords under the Security tab.This displays a list of all authentication information -- that is username, password and the website they are associated with -- that you have saved in Firefox previously.
A click on the button 'Show passwords' in that new menu displays all corresponding passwords for all sites. Gmail, Blogs, Myspace, nothing is really safe. By taking a look at your passwords someone could also analyze patterns. If you were using the same passwords on all sites it is fairly easy to assume that your pop3 email account would most likely use the same password as well.
Set a Firefox Master Password
To set a new Master Password in Firefox do the following:
- Go back to the Security tab in the browser's options.
- Here you need to check the "Use a master password" box.
- The Change Master Password window that you see on the screenshot above opens up.
- Type the new password twice here and click ok to save it.
Note: It is highly recommended to select a safe password. Use the password quality meter as guidance. It is also important to note that you will lose access to all information stored in the password database of the browser if you forget the Master Password.
You will be asked to enter the Master Password once per session from that moment on, usually when the browser starts. If you close Firefox and reopen it again, you will be asked again for it.
Advertisement
@Chris & WizzKid: Complexity does not make a difference. Its a security hole in firefox and has nothing to do with the strength of your password.
yesyes i knew about this, but I got to tired of typing the password over and over again so I disabled it x) Doesn’t matter for me because all my friends coulnd’t propably find the options :P
Great tip. Never knew it! And with my luck my crazy coworker would try and get my stuff.
Thanks for this tip.
Firefox should do a better job letting users know about this ‘feature’.
@Kris: A combination of numbers, capitals and non-caps all in a 10 character word should be solid?
thanks for this martin.
i too did not know that you could show passwords in ff.
@kris: note to self: make complex password :D thanks for the heads up on this!!
Thanks!
There is a master password cracker for Firefox available, so if you’re going to use a MP, try to make sure it’s a non-trivial one.
Thanks for the heads up! Never realized firefox allowed to show passwords!