Why is the saved password list not obfuscated or even behind an admin password prompt?
I think it's unacceptable that in 2015 I could still harvest the average user's usernames and passwords by simply asking to use their browser for a few minutes. Edit > Preferences > Saved Passwords... should be behind a password prompt, rather than being accessible by default. Upon clicking this, you are given a list of usernames, passwords, sites the accounts are for, and the dates last used or changed. Upon clicking Show Passwords, the passwords are revealed, as described. This seems like an incredibly exploitable issue. Sure, a user has the option to not save passwords for future use, but the average user neither cares nor understands the issue in detail. Hell, I didn't even know this feature existed, and I've used Firefox since 2.x.x. It is my understanding that Chrome has this under a password lock, and I believe it is imperative that Firefox makes this change.
I've attached a screenshot of this menu, with my data removed.
Upravil(a) sirwheatthins dňa
Všetky odpovede (3)
Net dropped out, failed to post image.
Edit: fixed, can't delete this reply.
Upravil(a) sirwheatthins dňa
the-edmeister said
https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins
Thank you, I was under the impression that master password was a password that is used in place of all other passwords, kind of like using Lastpass or something similar. I see that I was mistaken.