X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Are the memorized passwords in plain english? See Sallie Mae Website

Posted

I was just on the Sallie Mae payment website and they have a warning that memorized passwords can be accessed in plain English. I thought the passwords were suppose to be secure and encrypted. Is there an update that needs to be installed. Very concerning.

Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.7 r700
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.03
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • LogMeIn, Inc. Remote Access Components
  • 5.1.20125.0
  • RealPlayer(tm) LiveConnect-Enabled Plug-In
  • RealPlayer Download Plugin
  • RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
  • RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In
  • RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
  • RealDownloader Plugin
  • Next Generation Java Plug-in 10.5.1 for Mozilla browsers
  • iTunes Detector Plug-in
  • 12.0.1.647
  • ActiveTouch General Plugin Container Version 105
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  • DRM Netscape Network Object
  • Npdsplay dll
  • DRM Store Netscape Plugin

Application

  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0

More Information

alco 18 solutions 141 answers

Hi scrab,

I think that this is a website's choice. In general, payment websites are based on a database to store information like usernames/passwords etc.. There is a choice for this info to be stored encrypted but it can also be stored unencrypted/plain text. I think that's a bad practice to store passwords in plain text, but it's your website's choice.
What I suggest is: Don't use your favorite password!

Moreover, you can contact them and explain your concerns!

jscher2000
  • Top 10 Contributor
2347 solutions 20800 answers

Helpful Reply

Edit: This post is technically incorrect, as explained in the following post. But you still want to set a Master Password.

If you have Firefox remember passwords, they are NOT stored in a secure encrypted format UNLESS you apply a master password. I'm not sure there is a good warning about that. To learn more about master passwords, see this article: Use a Master Password to protect stored logins and passwords.

Modified by jscher2000

cor-el
  • Top 10 Contributor
  • Moderator
10738 solutions 96600 answers

Helpful Reply

They stored encrypted in signons.sqlite even if you do not use a MP, but having access to the key3.db file is sufficient to decrypt them and the Password Manager will also show them if you copy the two files to another profile folder or computer.


The names and passwords stored in signons.sqlite are encrypted with a Triple DES key (CBC mode) that is stored in key3.db and a master password adds an additional level to this encryption.
If you do not use a master password then having access to key3.db and signons.sqlite is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.
Always use a strong master password (e.g at least 12 characters) that can't be easily guessed or found via a dictionary look up or a script and you should be safe.
Make sure that you remember that master password or else all your passwords are lost.
You always need the matching file key3.db that was used to create a signons.sqlite file to make it possible to decrypt signons.sqlite.