By Leo Notenboom
If I consider my computer to be physically secure, am I reasonably safe
letting Firefox remember my passwords (without using a master password), or am
I being incredibly stupid to do that? What if I do use a master password?
I certainly wouldn’t say incredibly stupid at all. But it’s definitely an
additional risk, and one that needs to be understood.
But you’re correct in considering physical security first. The problem is
that people often assume they have more physical security than they actually
And master passwords? Well, they’re nice, but they too have their
Internet Explorer User?
IE’s situation is actually slightly worse. While there is no option in IE to
actually display saved passwords, there are several downloadable tools that
will. The article
I forgot my password – can I somehow get my auto-login remembered password?
So the risks are pretty much the same with Internet Explorer, and with fewer
options to deal with that risk.
If you’re at all wondering why this is even an issue, in Firefox do the
- Click on the Tools menu
- Click on the Options menu item
- Click on the Security tab
- Click on the Saved Passwords… button
- Click on the Show Passwords button
Yes, the Show Passwords button.
A few clicks and all your passwords are visible.
While I’ve obscured my own information, that dialog shows a list of URLs,
Usernames and Passwords as remembered in my copy of Firefox. All we had to do
was walk up to the computer follow the simple instructions above to make
all passwords clearly visible.
That should have you thinking very carefully about your
Anyone who can walk up to your computer can do that, and pretty darned
[This post is excerpted with Leo’s permission from his Ask Leo blog.]
Leo Notenboom has been involved in the tech industry for nearly 30 years. After retiring from an 18 year career as a Microsoft Software Engineer Leo went on to create Ask Leo!, a free web site where he answers real questions from ordinary computer users.
FaceBook URL: Leo’s Facebook
Twitter URL: http://twitter.com/askleo