The Firefox password manager vulnerability
Posted Nov 30, 2006 3:26 UTC (Thu) by rsw
Parent article: The Firefox password manager vulnerability
One possible solution is to move away from passwords as an authentication key. Why can't servers generate an SSL certificate based on the username? Of course, then there would be an issue of carrying the certificates around wherever access is required, but perhaps something like Schnieir's pass safe equivalent could be used.
But as an initial fix, the Firefox UI will need to change to be less automated, requiring a positive action by the user to cause the fields to be entered
to post comments)