LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The Firefox password manager vulnerability

The Firefox password manager vulnerability

Posted Nov 29, 2006 22:21 UTC (Wed) by kirkengaard (subscriber, #15022)
In reply to: The Firefox password manager vulnerability by emkey
Parent article: The Firefox password manager vulnerability

On the pat yourself on the back side of things, yes, good security practice does suggest that this sort of crutch is just like writing down your passwords anywhere else. Raise your hand if you know someone who has their login written on the computer or monitor (or a post it attached thereunto). The unwary user who simply says, "Oh! A labor saving device! I hate forgetting the password for that website!" is foolish, but common.

(Log in to post comments)

Post-It notes

Posted Nov 30, 2006 13:11 UTC (Thu) by Richard_J_Neill (subscriber, #23093) [Link]

Often, post-it notes are quite sensible for storing passwords. It all depends on who has physical access, and for domestic users, writing the password down is no bad thing, especially if it helps them remember it. Of course it depends on what the password is for, but in most cases, if someone can break into your house, you have bigger problems than losing your passwords!

The real danger is when a user uses the same password in multiple different places. Then, say their slashdot login might also work for their bank.

Post-It notes

Posted Nov 30, 2006 17:53 UTC (Thu) by emkey (guest, #144) [Link]

Post its are never a good idea. Why have passwords if they are? Passwords exists to limit access and provide auditing. Making it easy for somebody in your group or company to use your identity is not a good thing.

The main reason I don't store passwords beyond the obvious security issues is that I WILL forget a password if I don't have to type it in regularly.

Post-It notes

Posted Dec 3, 2006 15:55 UTC (Sun) by k8to (subscriber, #15413) [Link]

As the post you are responding to pointed out, post-it notes are useful because access to them is restricted to a physical domain, which can be quite small. A post it note on my computer here, for example, will be viewable by myself and a few close friends who visit my apartment. The risk is _quite_ small, and it would be fine for most applications.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds