How safe is Firefox password manager?
I have been using the Firefox password manager for long time, but never checked/verified how secure it is.
The following post sums it up best from the luxsci.com blog
When Master Passwords are in use, the data is encrypted using 3DES in CBC mode by default. If you choose a good, strong master password, then this level of encryption should be fine. 3DES is rated to be good for general use through 2020.
You should be aware that there are programs out there designed to crack open the saved passwords. One such program is FireMaster. If you do not choose a strong Master Password, then your encrypted database may be susceptible to being broken into
If you are a Mac OS X user, one of the considerations is that it is not integrated with the OS-level "KeyChain" (password management). You can use Camino if you want a mozilla/Gecko browser that is integrated at this level.
This is probably a biased personal opinion.
I feel that integrating password storage into any system that provides many other features weakens their security to the vulnerabilities possible in that system. Other parts of the combined system form the weaker links in the security chain. It also helps using a non-standard system (read the conclusion on this link).
To that end, I prefer storing them in a TrueCrypt encrypted file.
Some other discussions,
- Holes Remain Open in Firefox Password Manager, July 20, 2007.
-
LastBit FireFox Password Recovery 1.0
I like the part about, "Please note that only saved passwords will be shown by FireFox Password. If user has entered a password but has not saved it, the password will not be shown." - Password Manager Shootout – eWallet vs. KeePass vs. LastPass, favors LastPass