Avatar for Username

Vyhľadajte odpoveď

Vyhnite sa podvodom s podporou. Nikdy vás nebudeme žiadať, aby ste zavolali alebo poslali SMS na telefónne číslo alebo zdieľali osobné informácie. Nahláste prosím podozrivú aktivitu použitím voľby “Nahlásiť zneužitie”.

Learn More

Táto téma bola archivovaná. Ak potrebujete pomôcť, založte prosím novú otázku.

Why is the saved password list not obfuscated or even behind an admin password prompt?

  • 3 odpovede
  • 1 má tento problém
  • 5 zobrazení
  • Posledná odpoveď od sirwheatthins

sirwheatthins
sirwheatthins
more options

I think it's unacceptable that in 2015 I could still harvest the average user's usernames and passwords by simply asking to use their browser for a few minutes. Edit > Preferences > Saved Passwords... should be behind a password prompt, rather than being accessible by default. Upon clicking this, you are given a list of usernames, passwords, sites the accounts are for, and the dates last used or changed. Upon clicking Show Passwords, the passwords are revealed, as described. This seems like an incredibly exploitable issue. Sure, a user has the option to not save passwords for future use, but the average user neither cares nor understands the issue in detail. Hell, I didn't even know this feature existed, and I've used Firefox since 2.x.x. It is my understanding that Chrome has this under a password lock, and I believe it is imperative that Firefox makes this change.

I've attached a screenshot of this menu, with my data removed.

I think it's unacceptable that in 2015 I could still harvest the average user's usernames and passwords by simply asking to use their browser for a few minutes. Edit > Preferences > Saved Passwords... should be behind a password prompt, rather than being accessible by default. Upon clicking this, you are given a list of usernames, passwords, sites the accounts are for, and the dates last used or changed. Upon clicking Show Passwords, the passwords are revealed, as described. This seems like an incredibly exploitable issue. Sure, a user has the option to not save passwords for future use, but the average user neither cares nor understands the issue in detail. Hell, I didn't even know this feature existed, and I've used Firefox since 2.x.x. It is my understanding that Chrome has this under a password lock, and I believe it is imperative that Firefox makes this change. I've attached a screenshot of this menu, with my data removed.
Priložené obrázky

Upravil(a) sirwheatthins dňa

Vybrané riešenie

https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

Čítať túto odpoveď v kontexte 👍 0

Všetky odpovede (3)

sirwheatthins
sirwheatthins Autor otázky
more options

Net dropped out, failed to post image.

Edit: fixed, can't delete this reply.

Upravil(a) sirwheatthins dňa

the-edmeister
the-edmeister
  • Moderator
more options

Vybrané riešenie

https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

sirwheatthins
sirwheatthins Autor otázky
more options

the-edmeister said

https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

Thank you, I was under the impression that master password was a password that is used in place of all other passwords, kind of like using Lastpass or something similar. I see that I was mistaken.