The Firefox password manager vulnerability
Posted Nov 30, 2006 8:47 UTC (Thu) by beejaybee
In reply to: The Firefox password manager vulnerability
Parent article: The Firefox password manager vulnerability
Actually passwords are fine _provided they're used only once_. The point being that disclosing a password for any reason compromises it, even if the reason is to gain access to the password-protected service.
What we really need is something like a smartcard which will generate one-time passwords and automatically communicate the next valid password to the service provider once access has been granted.
Firefox has fallen into the "convenience trap" here & urgently needs to be fixed. The quick (?) hack of copying the Opera "magic wand" procedure is probably the best mechanism for low to medium security requirements in the short term.
to post comments)