Password Manager

Discussion in 'Firefox' started by Holley, Aug 20, 2005.

  1. Holley

    Holley Guest

    How can I get Password manager to remember ALL sites requiring a
    password? Password manager accepts most sites, but I am now
    encountering sites that don't open PWMgr, and I hate trying to remember
    my passwords!

    ilex
     
    Holley, Aug 20, 2005
    #1
    1. Advertising

  2. Holley

    Doug G Guest

    Holley wrote:
    > How can I get Password manager to remember ALL sites requiring a
    > password? Password manager accepts most sites, but I am now
    > encountering sites that don't open PWMgr, and I hate trying to remember
    > my passwords!
    >
    > ilex


    Try the "remember password" bookmarklet at
    http://www.squarefree.com/bookmarklets/forms.html
     
    Doug G, Aug 20, 2005
    #2
    1. Advertising

  3. Holley

    Ed Mullen Guest

    Doug G wrote:

    > Holley wrote:
    >
    >> How can I get Password manager to remember ALL sites requiring a
    >> password? Password manager accepts most sites, but I am now
    >> encountering sites that don't open PWMgr, and I hate trying to
    >> remember my passwords!
    >>
    >> ilex

    >
    >
    > Try the "remember password" bookmarklet at
    > http://www.squarefree.com/bookmarklets/forms.html


    Good advice. But remember that some sites are coded to prevent
    recording logon info for security purposes. On some of those sites
    (depending on the method used) the bookmarklet will not work.

    --
    Ed Mullen
    http://edmullen.net
    http://edmullen.net/Mozilla/moz.html
    They show you how detergents take out bloodstains. I think if you've got
    a T-shirt with bloodstains all over it, maybe your laundry isn't your
    biggest problem.
     
    Ed Mullen, Aug 21, 2005
    #3
  4. Holley

    Z Guest

    Holley wrote:
    > How can I get Password manager to remember ALL sites requiring a
    > password? Password manager accepts most sites, but I am now
    > encountering sites that don't open PWMgr, and I hate trying to remember
    > my passwords!


    There's a reason why some sites don't want passwords stored locally:
    security. Before you go and store your bank or 401(k) account or other
    important passwords locally, make sure you understand the risks.
     
    Z, Aug 22, 2005
    #4
  5. Holley

    Stubby Guest

    Z wrote:
    > Holley wrote:
    >
    >> How can I get Password manager to remember ALL sites requiring a
    >> password? Password manager accepts most sites, but I am now
    >> encountering sites that don't open PWMgr, and I hate trying to
    >> remember my passwords!

    >
    >
    > There's a reason why some sites don't want passwords stored locally:
    > security. Before you go and store your bank or 401(k) account or other
    > important passwords locally, make sure you understand the risks.


    My understanding is locally-stored passwords are encrypted. The bank's
    web site can retrieve the password and decrypt it at the bank. There is
    little risk in storing passwords locally.
     
    Stubby, Aug 22, 2005
    #5
  6. Holley

    Z Guest

    Stubby wrote:
    >>> How can I get Password manager to remember ALL sites requiring a
    >>> password? Password manager accepts most sites, but I am now
    >>> encountering sites that don't open PWMgr, and I hate trying to
    >>> remember my passwords!


    >> There's a reason why some sites don't want passwords stored locally:
    >> security. Before you go and store your bank or 401(k) account or other
    >> important passwords locally, make sure you understand the risks.


    > My understanding is locally-stored passwords are encrypted. The bank's
    > web site can retrieve the password and decrypt it at the bank. There is
    > little risk in storing passwords locally.


    There is GREAT risk in using FF's Password Manager to store important
    passwords. See for yourself: open Password Manager (Tools > Options >
    Privacy > Saved Passwords). Click View Saved Passwords > Show Passwords.

    See them all?

    You can call it "encryption" because they're not stored in plain text,
    but it's not secure by any means. I would never EVER store my banking or
    shopping or any important passwords in Password Manager.
     
    Z, Aug 22, 2005
    #6
  7. Holley

    Stubby Guest

    Z wrote:
    > Stubby wrote:
    >
    >>>> How can I get Password manager to remember ALL sites requiring a
    >>>> password? Password manager accepts most sites, but I am now
    >>>> encountering sites that don't open PWMgr, and I hate trying to
    >>>> remember my passwords!

    >
    >
    >>> There's a reason why some sites don't want passwords stored locally:
    >>> security. Before you go and store your bank or 401(k) account or
    >>> other important passwords locally, make sure you understand the risks.

    >
    >
    >> My understanding is locally-stored passwords are encrypted. The
    >> bank's web site can retrieve the password and decrypt it at the bank.
    >> There is little risk in storing passwords locally.

    >
    >
    > There is GREAT risk in using FF's Password Manager to store important
    > passwords. See for yourself: open Password Manager (Tools > Options >
    > Privacy > Saved Passwords). Click View Saved Passwords > Show Passwords.
    >
    > See them all?
    >
    > You can call it "encryption" because they're not stored in plain text,
    > but it's not secure by any means. I would never EVER store my banking or
    > shopping or any important passwords in Password Manager.

    Something is wrong then. FF should store what the web site says, but
    that should be encrypted. When you print it as you described, it
    should be nonsense. I think the problem is that the website is not
    encrypting your password and telling your browser (PW Mgr) to store the
    encrypted version.
     
    Stubby, Aug 22, 2005
    #7
  8. Holley

    Z Guest

    Stubby wrote:
    >>>>> How can I get Password manager to remember ALL sites
    >>>>> requiring a password? Password manager accepts most sites,
    >>>>> but I am now encountering sites that don't open PWMgr, and I
    >>>>> hate trying to remember my passwords!


    >>>> There's a reason why some sites don't want passwords stored
    >>>> locally: security. Before you go and store your bank or 401(k)
    >>>> account or other important passwords locally, make sure you
    >>>> understand the risks.


    >>> My understanding is locally-stored passwords are encrypted. The
    >>> bank's web site can retrieve the password and decrypt it at the
    >>> bank. There is little risk in storing passwords locally.


    >> There is GREAT risk in using FF's Password Manager to store
    >> important passwords. See for yourself: open Password Manager (Tools
    >> > Options > Privacy > Saved Passwords). Click View Saved Passwords
    >> > Show Passwords.

    >>
    >> See them all?
    >>
    >> You can call it "encryption" because they're not stored in plain
    >> text, but it's not secure by any means. I would never EVER store my
    >> banking or shopping or any important passwords in Password Manager.


    > Something is wrong then.


    Nothing is wrong.


    > FF should store what the web site says, but that should be encrypted.


    Password Manager stores what you enter. A _cookie_ created by the web
    site may contain strongly encrypted data, but that cookie can be read
    and used by someone else.

    You can use a Master Password on the Password Manager, but that saves
    you nothing in terms of typing fewer passwords, which was your original
    issue.

    The crux of the problem is: if you can access your banking or other
    important web sites w/o interactively typing a password, then so can
    malware.
     
    Z, Aug 22, 2005
    #8
  9. Holley

    Stubby Guest

    Z wrote:
    > Stubby wrote:
    >
    >>>>>> How can I get Password manager to remember ALL sites
    >>>>>> requiring a password? Password manager accepts most sites,
    >>>>>> but I am now encountering sites that don't open PWMgr, and I
    >>>>>> hate trying to remember my passwords!

    >
    >
    >>>>> There's a reason why some sites don't want passwords stored
    >>>>> locally: security. Before you go and store your bank or 401(k)
    >>>>> account or other important passwords locally, make sure you
    >>>>> understand the risks.

    >
    >
    >>>> My understanding is locally-stored passwords are encrypted. The
    >>>> bank's web site can retrieve the password and decrypt it at the
    >>>> bank. There is little risk in storing passwords locally.

    >
    >
    >>> There is GREAT risk in using FF's Password Manager to store
    >>> important passwords. See for yourself: open Password Manager (Tools
    >>> > Options > Privacy > Saved Passwords). Click View Saved Passwords
    >>> > Show Passwords.
    >>>
    >>> See them all?
    >>>
    >>> You can call it "encryption" because they're not stored in plain
    >>> text, but it's not secure by any means. I would never EVER store my
    >>> banking or shopping or any important passwords in Password Manager.

    >
    >
    >> Something is wrong then.

    >
    >
    > Nothing is wrong.
    >
    >
    >> FF should store what the web site says, but that should be encrypted.

    >
    >
    > Password Manager stores what you enter. A _cookie_ created by the web
    > site may contain strongly encrypted data, but that cookie can be read
    > and used by someone else.
    >
    > You can use a Master Password on the Password Manager, but that saves
    > you nothing in terms of typing fewer passwords, which was your original
    > issue.
    >
    > The crux of the problem is: if you can access your banking or other
    > important web sites w/o interactively typing a password, then so can
    > malware.


    Nope. Not if what it gets out of the cookie is encrypted.
     
    Stubby, Aug 23, 2005
    #9
  10. Holley

    Z Guest

    Stubby wrote:
    >> The crux of the problem is: if you can access your banking or other
    >> important web sites w/o interactively typing a password, then so can
    >> malware.


    > Nope. Not if what it gets out of the cookie is encrypted.


    Malware running surreptitiously on your PC could connect to your banking
    website and use your stored cookie to authenticate.

    There are GOOD reasons why financial websites require you to log in
    interactively every time you connect, Circumvent that safeguard at your
    own risk.

    Feel free to have the last word now; I'm not going to get into a pissing
    contest with you. Suffice it to say that remote security, encryption and
    authentication are large parts of what I do professionally, for a living.

    You've been warned. You're on your own now.
     
    Z, Aug 23, 2005
    #10
  11. Holley

    Ed Mullen Guest

    Z wrote:
    > Stubby wrote:
    >
    >>>>>> How can I get Password manager to remember ALL sites
    >>>>>> requiring a password? Password manager accepts most sites,
    >>>>>> but I am now encountering sites that don't open PWMgr, and I
    >>>>>> hate trying to remember my passwords!

    >
    >
    >>>>> There's a reason why some sites don't want passwords stored
    >>>>> locally: security. Before you go and store your bank or 401(k)
    >>>>> account or other important passwords locally, make sure you
    >>>>> understand the risks.

    >
    >
    >>>> My understanding is locally-stored passwords are encrypted. The
    >>>> bank's web site can retrieve the password and decrypt it at the
    >>>> bank. There is little risk in storing passwords locally.

    >
    >
    >>> There is GREAT risk in using FF's Password Manager to store
    >>> important passwords. See for yourself: open Password Manager (Tools
    >>> > Options > Privacy > Saved Passwords). Click View Saved Passwords
    >>> > Show Passwords.
    >>>
    >>> See them all?
    >>>
    >>> You can call it "encryption" because they're not stored in plain
    >>> text, but it's not secure by any means. I would never EVER store my
    >>> banking or shopping or any important passwords in Password Manager.

    >
    >
    >> Something is wrong then.

    >
    >
    > Nothing is wrong.
    >
    >
    >> FF should store what the web site says, but that should be encrypted.

    >
    >
    > Password Manager stores what you enter. A _cookie_ created by the web
    > site may contain strongly encrypted data, but that cookie can be read
    > and used by someone else.
    >
    > You can use a Master Password on the Password Manager, but that saves
    > you nothing in terms of typing fewer passwords, which was your original
    > issue.
    >
    > The crux of the problem is: if you can access your banking or other
    > important web sites w/o interactively typing a password, then so can
    > malware.


    Of course it saves effort. You only have to remember ONE password, the
    Master Password for Firefox, to access potentially hundreds of sites
    that have different logon info, instead of all those individual logons.
    The pw file's data is encrypted. In the PW Manager you must enter the
    Master PW to view the passwords/logon data and have it sent to the
    secure site's logon form.

    As for malware, can you cite a real example of some such program
    actually intercepting and being able to decrypt encrypted traffic in the
    situation you suggest? That is:

    - user logon data is locally encrypted
    - the link between the user's PC and the secure site is encrypted

    Just curious whether you have actual examples or not.

    --
    Ed Mullen
    http://edmullen.net
    http://edmullen.net/Mozilla/moz.html
    Everyone has a right to be stupid. Some just abuse the privilege.
     
    Ed Mullen, Aug 23, 2005
    #11
  12. Holley

    Z Guest

    Ed Mullen wrote:
    >> Password Manager stores what you enter. A _cookie_ created by the
    >> web site may contain strongly encrypted data, but that cookie can
    >> be read and used by someone else.
    >>
    >> You can use a Master Password on the Password Manager, but that
    >> saves you nothing in terms of typing fewer passwords, which was
    >> your original issue.
    >>
    >> The crux of the problem is: if you can access your banking or other
    >> important web sites w/o interactively typing a password, then so
    >> can malware.

    >
    >
    > Of course it saves effort. You only have to remember ONE password,
    > the Master Password for Firefox, to access potentially hundreds of
    > sites that have different logon info, instead of all those individual
    > logons.


    And now you have to use a password to access _any_ password data stored
    in PW mgr. Want to read nytimes.com? Enter the master pw rather than
    just letting FF fill the fields in for you on the Member Login page.
    I've tried it, it's not a savings.

    I have over 100 passwords in PW Mgr for newspapers and sites I access
    frequently. I have 6 banking sites that I visit weekly, at best, and
    need to remember the pw for.

    There's much more typing with a master pw than without.


    > As for malware, can you cite a real example of some such program
    > actually intercepting and being able to decrypt encrypted traffic in
    > the situation you suggest? That is: - user logon data is locally
    > encrypted - the link between the user's PC and the secure site is
    > encrypted Just curious whether you have actual examples or not.


    Intercepting and decrypting encrypted traffic is not a mechanism I listed.

    Using cookies to authenticate is. Stealing weakly on un-encrypted
    password files is. Known malware uses both those methods to gather
    personal authentication data on victims.
     
    Z, Aug 23, 2005
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dirk
    Replies:
    4
    Views:
    1,503
  2. zll9527
    Replies:
    1
    Views:
    1,141
    Clark_Harris
    Feb 26, 2004
  3. Rene Kuhn
    Replies:
    0
    Views:
    911
    Rene Kuhn
    Dec 28, 2005
  4. Kompu Kid
    Replies:
    5
    Views:
    1,504
    Wai Doan Hsu
    Aug 2, 2004
  5. =?Utf-8?B?Sm9obmV0ZWM=?=

    Services will not load (No device manager, disk manager, etc...)

    =?Utf-8?B?Sm9obmV0ZWM=?=, Aug 1, 2006, in forum: Windows 64bit
    Replies:
    13
    Views:
    657
    =?Utf-8?B?Sm9obmV0ZWM=?=
    Aug 2, 2006
Loading...

Share This Page