Password manager (inbuilt): few concerns/questions

back2themoon
Moon Magic practitioner
Posts: 2410
Joined: 2012-08-19, 20:32

Unread post by back2themoon » 2017-11-16, 15:39

Trying the inbuilt password manager, it's nice and fast. Few questions/concerns:

1. What are the potential risks of using it without a master password, or even with an MP? Having to retype it on every session is too detrimental, I wish there was a workaround (encrypted database + no need to keep entering the MP). The Master Password+ extension helps, but it's not enough (for me, obviously).

2. I am reading in some (very) old articles that extensions can have full access to fill forms. Is there any validity to this, or security concerns? Another very old security concern is posted here.

3. Minor issue: some websites seemingly prohibit password saving/auto-filling with the `autocomplete="off"` restriction or other means. Does Pale Moon honour this restriction or is it bypassed (which would be better)? I seem to remember a similar discussion here in the past. I have only encountered one website that refuses to cooperate, even after trying the bookmarklet workarounds mentioned here.

Thanks

back2themoon
Moon Magic practitioner
Posts: 2410
Joined: 2012-08-19, 20:32

Re: Password manager (inbuilt): few concerns/questions

Unread post by back2themoon » 2017-11-23, 13:16

One more question: are usernames also encrypted or only passwords? If not, please consider it as a feature request. Sensitive data can be found in usernames as well.

tooshorttoolong
Fanatic
Posts: 137
Joined: 2017-09-11, 14:28

Re: Password manager (inbuilt): few concerns/questions

Unread post by tooshorttoolong » 2017-11-23, 15:10

Without a master password, someone with access to your computer (either physical or distant) can copy the passwords file and impersonate you on all the web sites. Obviously it’s a bad idea to store important passwords this way (banking, shops…). The risk of having your computer hacked is real, especially on Windows.

With a master password it’s better, but the security highly depends on the quality of your password. A simple password can be cracked very quickly. (Note that I don’t know how Firefox/PM store the passwords, I’m just assuming the passwords file is somehow encrypted using your password using a simple method.)

If you use a password manager like, for example, KeePassXC, you’ll notice that it takes one or two seconds to check your master password. For this reason, even a relatively simple password will take a long time to be cracked. However, Firefox and PM do not use the same technique to slow attacks and thus are not as safe.
(See Wikipedia for a technical explanation.)

BTW I read that it’s possible to autofill passwords in browsers using KeePassXC or other password managers, which might solve your problem while keeping your password database safely encrypted on disk, but I don’t know how to do this.
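
The slow-down technique described in the post above (key stretching), as an added example that is not part of the original thread and is not code from Pale Moon, Firefox or KeePassXC. It assumes PBKDF2-HMAC-SHA256 as a stand-in key derivation function; the iteration counts, the 8-lowercase-letter keyspace and the worker count are constructed values.

```python
import hashlib
import os
import time

def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a master password into a 32-byte key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)

def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measured cost of testing one candidate password (best of N runs)."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key("constructed-sample-password", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet_size ** length

def days_to_exhaust(candidates: int, per_guess: float, workers: int = 1) -> float:
    """Worst-case time to try every candidate, spread over `workers`."""
    return candidates * per_guess / workers / 86400

if __name__ == "__main__":
    # Constructed scenario: 8 lowercase letters, 1000 parallel workers.
    candidates = keyspace(26, 8)
    for iterations in (1, 10_000, 600_000):  # assumed values, not any product's
        cost = seconds_per_guess(iterations)
        print(f"{iterations:>7} iterations: {cost * 1000:9.3f} ms per guess, "
              f"{days_to_exhaust(candidates, cost, 1000):12.2f} days to exhaust")
```

The per-guess cost grows linearly with the iteration count, so the delay a user sees once at unlock is paid again for every candidate password someone tries against a copied database.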

tenseys

Re: Password manager (inbuilt): few concerns/questions

Unread post by tenseys » 2017-11-23, 15:32

Not a big fan of the browser but I like how Chrome requires computer/Windows login password (that I normally allow Windows to bypass) to access saved passwords. That might slow down an unsophisticated thief or snooper.
