| |||||||||||||
The Firefox password manager vulnerabilityThe Firefox password manager vulnerabilityPosted Nov 29, 2006 22:45 UTC (Wed) by sward (subscriber, #6416)In reply to: The Firefox password manager vulnerability by emkey Parent article: The Firefox password manager vulnerability
Bear in mind, however, that many site passwords are not there for your security - they are there to "protect" the content on the site against unauthorized viewing. So as long as you do not use the password manager (or postit notes) for truly sensitive passwords, why would you even care about this exploit? I agree with you, for important passwords (my email login, finances, etc.) - I don't store those at all. But I have no qualms about storing my assorted subscription logins (like lwn.net) in the password manager.
(Log in to post comments)
The Firefox password manager vulnerability Posted Nov 30, 2006 15:37 UTC (Thu) by k8to (subscriber, #15413) [Link] I agree. Part of the problem is that so much "web security" is valueless. Some of it is valueless to the user, but not the site. Some of it is just plain valueless in its entirety.
The spawn of unnecessary 'security' is what begat this feature to paper over the problem. I think it's just fine that hackers will find out my login is "user" and my password is "password" at all these silly web domains.
Sure, some people do end up using this feature where security is actually important, but I think the crying wolf that websites do unnecessarily might be as big a security problem, in the long run, as anything else.
|
|||||||||||||