IE and Firefox both permit you to store web site credentials for automatic re-use. Such a feature makes it more convenient for users to sign on to frequently-used web sites without having to type in a password every time.
I recommend you NOT do this.
In my opinion, use of a browser for storing and managing web site credentials is risky business. A browser is a virtual terminal that is used to access web applications, some of which contain malicious code. Such malicious code has little distance to travel between a browser and its stash of stored passwords.
In fact, such exploits have already been written. In what are called “Reverse Cross Site Request” attacks, a fake login site fools the browser’s password manager into automatically providing login credentials.
And here is an article that explains these vulnerabilities further:
http://www.technewsworld.com/story/54413.html
Instead of using browser-based password managers, I suggest you use a separate encrypted password vault such as Password Safe.
Agreed. Nice bit of info here, Peter.
I have a question about this.
I recently changed my Yahoo mail pass and I forgot it because of browser password manager. I have had this email for a very long time and I don’t remember the answer to my secret question too.
So is there any way I can look in my browser’s pass manager for the pass of my email?
Hi Dragos,
Firefox will permit you to view stored passwords. Go to Preferences > Security > Passwords. On my Mac version of Firefox it will allow me to view stored passwords. (I do not use this feature, but the Firefox UI suggests this possibility).
Hope this helps!
Peter
I’m not doubting what you say is true – but how can it be proven?