Ajit Monteiro

Firefox: Display All Saved Passwords

Posted in Browsers, Firefox, Security by amonteiro on December 6, 2006

Looking through the menus of Firefox I noticed a huge security risk.

1. Go to Tools -> Options 

2. Click the Security Tab

3. Click Show Passwords to view all the sites and usernames

4. Click Show Passwords again and all your passwords are listed 

Of course if you forget your username and password for a website this is an easy way of recovering them, but any random person using your computer has direct access to all your passwords.

The solution is to set a master password

1. Go to Tools -> Options 

2. Click the Security Tab

3. Check Use a Master Password

4. Click Change Master Password to set your password

 Now to access your password list you will be prompted for your master password. I am quite surprised that a browser that has gained such a huge following, due to it having better security than internet explorer, displays user passwords in such an unrestricted way.


One Response

Subscribe to comments with RSS.

  1. Adnan said, on December 6, 2006 at 2:29 pm

    I don’t really consider this a huge security risk. If someone tells the browser to save their password it’s fairly obvious that the password is being stored somewhere on the computer.

    If I was to use a public computer I obviously wouldn’t ask the browser to remember a password. The risk you’re talking about is letting someone you did not trust use a computer you stored passwords on. That is a completely separate risk.

    If someone untrustworthy gained access to my computer, I’d have a lot more to worry about then the passwords stored in firefox

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: