I was just on the Sallie Mae payment website and they have a warning that memorized passwords can be accessed in plain English. I thought the passwords were suppose to be secure and encrypted. Is there an update that needs to be installed. Very concerning.
- All posts
- Helpful Solutions
I think that this is a website's choice. In general, payment websites are based on a database to store information like usernames/passwords etc.. There is a choice for this info to be stored encrypted but it can also be stored unencrypted/plain text. I think that's a bad practice to store passwords in plain text, but it's your website's choice.
What I suggest is: Don't use your favorite password!
Moreover, you can contact them and explain your concerns!
Edit: This post is technically incorrect, as explained in the following post. But you still want to set a Master Password.
If you have Firefox remember passwords, they are NOT stored in a secure encrypted format UNLESS you apply a master password. I'm not sure there is a good warning about that. To learn more about master passwords, see this article: Use a Master Password to protect stored logins and passwords.
They stored encrypted in signons.sqlite even if you do not use a MP, but having access to the key3.db file is sufficient to decrypt them and the Password Manager will also show them if you copy the two files to another profile folder or computer.
The names and passwords stored in signons.sqlite are encrypted with a Triple DES key (CBC mode) that is stored in key3.db and a master password adds an additional level to this encryption.
If you do not use a master password then having access to key3.db and signons.sqlite is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.
Always use a strong master password (e.g at least 12 characters) that can't be easily guessed or found via a dictionary look up or a script and you should be safe.
Make sure that you remember that master password or else all your passwords are lost.
You always need the matching file key3.db that was used to create a signons.sqlite file to make it possible to decrypt signons.sqlite.
- IMPORTANT ANNOUNCEMENT: We’re going through some system changes, that may have slowed responses to your questions. If you had asked a question in the last couple of months, please re-post it and the community will help you as soon as we can. If you’ve registered after February 7th, please register again, the accounts on the previous site were not migrated to this temporary site. If you joined us before February 7, please reset your password if you have trouble logging into this temporary site.