How safe is Firefox password manager?

I have been using the Firefox password manager for a long time, but never checked/verified how secure it is.


The following post sums it up best, from the luxsci.com blog:

When Master Passwords are in use, the data is encrypted using 3DES in CBC mode by default. If you choose a good, strong master password, then this level of encryption should be fine. 3DES is rated to be good for general use through 2020.

You should be aware that there are programs out there designed to crack open the saved passwords. One such program is FireMaster. If you do not choose a strong Master Password, then your encrypted database may be susceptible to being broken into.


If you are a Mac OS X user, one of the considerations is that it is not integrated with the OS-level "KeyChain" (password management). You can use Camino if you want a Mozilla/Gecko browser that is integrated at this level.


This is probably a biased personal opinion.

I feel that integrating password storage into any system that provides many other features weakens their security to the vulnerabilities possible in that system. Other parts of the combined system form the weaker links in the security chain. It also helps to use a non-standard system (read the conclusion on this link).

To that end, I prefer storing them in a TrueCrypt encrypted file.

Some other discussions:

  • Holes Remain Open in Firefox Password Manager, July 20, 2007.
  • LastBit FireFox Password Recovery 1.0
    I like the part about, "Please note that only saved passwords will be shown by FireFox Password. If user has entered a password but has not saved it, the password will not be shown."
  • Password Manager Shootout – eWallet vs. KeePass vs. LastPass, favors LastPass