By Leo Notenboom

If I consider my computer to be physically secure, am I reasonably safe
letting Firefox remember my passwords (without using a master password), or am
I being incredibly stupid to do that? What if I do use a master password?

I certainly wouldn’t say incredibly stupid at all. But it’s definitely an
additional risk, and one that needs to be understood.

But you’re correct in considering physical security first. The problem is
that people often assume they have more physical security than they actually
do.

And master passwords? Well, they’re nice, but they too have their
limitations.

•

Internet Explorer User?

IE’s situation is actually slightly worse. While there is no option in IE to
actually display saved passwords, there are several downloadable tools that
will. The article "http://ask-leo.com/i_forgot_my_password_can_i_somehow_get_my_autologin_remembered_password.html">
I forgot my password – can I somehow get my auto-login remembered password?
discusses them.

So the risks are pretty much the same with Internet Explorer, and with fewer
options to deal with that risk.

If you’re at all wondering why this is even an issue, in Firefox do the
following:

• Click on the Tools menu
• Click on the Options menu item
• Click on the Security tab
• Click on the Saved Passwords… button
• Click on the Show Passwords button

Yes, the Show Passwords button.

"http://images.ask-leo.com/2009/firefoxrememberedpasswords.png" alt=
"Firefox showing me my passwords" title=
"Firefox showing me my passwords" />

A few clicks and all your passwords are visible.

While I’ve obscured my own information, that dialog shows a list of URLs,
Usernames and Passwords as remembered in my copy of Firefox. All we had to do
was walk up to the computer follow the simple instructions above to make
all passwords clearly visible.

That should have you thinking very carefully about your
security.

Anyone who can walk up to your computer can do that, and pretty darned
quickly.

What can you do? There are several approaches.

[This post is excerpted with Leo's permission from his Ask Leo blog.]

Leo Notenboom has been involved in the tech industry for nearly 30 years. After retiring from an 18 year career as a Microsoft Software Engineer Leo went on to create Ask Leo!, a free web site where he answers real questions from ordinary computer users.

FaceBook URL: Leo’s Facebook

Twitter URL: http://twitter.com/askleo

About Leo Notenboom

Leo A. Notenboom is the owner of Puget Sound Software, LLC and the Leo in Ask Leo!. Leo has been in the personal computer and software industry since 1979, as a software engineer, a manager of software engineers, and as a consultant. In 1983 Leo joined what was then a medium sized local company called Microsoft and spent the next 18 years in a wide variety of groups working on a wide variety of software. If you're running Microsoft Windows, if you've used a Microsoft development tool or Microsoft Money, or if you've ever purchased a ticket through Expedia, there's a good chance you've been touched by some of his work. And of course, since 2003, Leo has been answering your tech questions on Ask Leo!

• 
• 
• 
• 
•