For the below paragraph in the article, It is absurd that when someone clicks the "Show Password" and enter the Master Password, all the passwords are clear to see.
In fact what should have been done is to have two sets of Master Password:
Master Password 1: To use the saved password on all websites.
Master Password 2: To actually view the saved password with in firefox.
This way when someone has to use one's PC, we can freely give him access to move around firefox by giving "Master Password 1" but actually stop him from viewing the actual passwords (That is not to release "Master Password 2").
Of course, people may comment that why release the "Master Password 1" in the first place. If we did not, the stupid password box keeps appearing and also shows the stored usernames in the open by double clicking on the user name box.
So, the other solution may be to keep everything as existing, but stop the password box from appearing once clicking "Cancel" and also not to show any usernames in the open.
Please advise your comments to fiazidris (at) gmail (dot) com [email concealed]
Thank you.
:::QUOTE:::
Password Manager option to "Show Passwords" in the clear (*see note below) yes
For the last entry in the above table, note that it is debatable as to whether this is truly a feature or a security vulnerability, however sometimes there is no method for retrieving a web site password once it is forgotten.
In fact what should have been done is to have two sets of Master Password:
Master Password 1: To use the saved password on all websites.
Master Password 2: To actually view the saved password with in firefox.
This way when someone has to use one's PC, we can freely give him access to move around firefox by giving "Master Password 1" but actually stop him from viewing the actual passwords (That is not to release "Master Password 2").
Of course, people may comment that why release the "Master Password 1" in the first place. If we did not, the stupid password box keeps appearing and also shows the stored usernames in the open by double clicking on the user name box.
So, the other solution may be to keep everything as existing, but stop the password box from appearing once clicking "Cancel" and also not to show any usernames in the open.
Please advise your comments to fiazidris (at) gmail (dot) com [email concealed]
Thank you.
:::QUOTE:::
Password Manager option to "Show Passwords" in the clear (*see note below) yes
For the last entry in the above table, note that it is debatable as to whether this is truly a feature or a security vulnerability, however sometimes there is no method for retrieving a web site password once it is forgotten.
:::UNQUOTE:::
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1882/1083#1083