Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Firefox's password manager stores passwords in clear text unless you use a master password (very few people do).

This means that any process on the computer can read them.

It also means that, unless you also use full disk encryption, a stolen device means you're fucked.

Chrome and Safari use the OS's keychain at least, so there is some level of security.

And a standalone password manager has its own encryption.



This has been the case for a long time, and has not changed even in 2024. Please use a Primary Password if you are storing passwords in Firefox.

https://support.mozilla.org/en-US/kb/where-are-my-logins-sto...


Browser password managers and their related files are the usual targets of the sophisticated malware creators. Not many people use good master passwords either if any.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: