How secure are stored passwords?
I was having a little sticky beak in the Firefox help files for no particular reason when I encountered something which made stop and send an email off to the Security Now! podcast.
Hi Steve and Leo,
I was just poking around in Mozilla Firefox and noticed something in the “Help for Internet Exploer Users” section:“About Your IE Favorites and Settings
When you first install Firefox, it will import your existing Internet Explorer settings, including your Favorites, cookies, stored passwords, and a variety of other data. This saves you time customizing Firefox to fit your needs.”The important part of that is that Firefox imports IE’s stored passwords, which raises a question of security with those passwords being on my hard drive.
I’m not concerned about other people using my computer and using my stored passwords as I don’t store super-sensitive passwords, but if somebody were to store a password of some importance, how easy would it be for some malware to access those passwords? The innocuous Firefox can do it, what’s stopping malware from doing it?
By the way, if you read this on SN52, congratulations on one year of Security Now!
Regards,
Samuel Gordon-Stewart
Canberra, Australia
Admittedly I could, with a few minutes, find out the answer for myself, but I’m sure I’m not the only one to ever wonder about this, and somehow I think it would be a perfect question for the Security Now! podcast, and an answer on there would benefit many more people than an answer here (Security Now! has about 100,000 listeners (source)). None the less, I will get an answer on here soon. I’ll wait and see if Steve and Leo discuss this, and if so I’ll include the transcript. If not I’ll just go and do some reasearch for myself.
Samuel
July 24th, 2006 at 04:53pm