Thursday, February 22, 2007

Password Security and Firefox

I was recently asked the following question: How secure is Firefox's Password Manager? I wasn't entirely sure, so I went checking. Here's what I've found. All things considered, Firefox's Password Manager (PM) looks fairly secure. Check out this post here. Given that the passwords are encrypted, they will be hard to recover. There is though, as the comments of this article point out, at least one security weakness in Firefox's Password Manager, but it should be fixed by the 2.0.0.2 release, which will be released sometimes later this month (or so they say). So I guess its not the end of the world.

About brute force password recovery tools (like FireMaster), well, I'm not sure what to think. As long as your Master Password is a good one, then I suppose it will probably have difficulty cracking it (am I right about this, anyone?). Maybe I'll try it out and see how long it takes for it to crack my own password. Anyway, if you want to be paranoid about it - it looks like the best solution I've seen is Passwordmaker, which generates random passwords for you, and the interesting thing is that it doesn't store any passwords on your computer at all, but rather - as I understand it - it generates them on-the-fly when you access your various sites.

The most hard-core way to go is TrueCrypt (though its not specifically Firefox related) and I've seriously been thinking about using it to encrypt my entire hard-drive. But at the very least, I use it to encrypt all the electronic texts of mine that have any sensitive info on them (like SS numbers, tax info, bank-account numbers, and whatnot).

No comments: