Passwords warning

This concerns non-techies like myself and was sparked by this thread on hackers http://forums.thinkbroadband.com/gaming/f/4062651-st...

I have an Amazon account on which Amazon retains my credit card details -- I don't like it but that's the way it's done. So visit Amazon, choose your goods, go to checkout and Firefox applies password, and Amazon the credit card details.

When I went into Firefox the other day I was appalled to find my Amazon password visible to anyone who switched on my computer, an open door to Amazon's warehouse ...

I deleted this password from Firefox but I wonder how many other security breaches are available via this otherwise handy feature?

On every version of Firefox I have used, my password, provided the field is correctly defined, is not visible and is just a series of dots or asterisks.

FF always asks if you want to save a password, or a change to an existing.

IE works in excatly teh same way.

Sorry I didn't make this clear. Passwords are indeed normally starred out.

But go to Options and click Saved Passwords button. They're all there

Do you leave yourself logged in? Other users shouldn't be able to access your passwords.

Do you have a "Master Password" set?

I don't use FF as my main browser - but thought I would have a check.

I upgraded to v8 yesterday.

Preferences > Security Tab > Saved Passwords... > Show Passwords

Dialogue box asking if you are sure - then boom ALL saved userids/passwords in readable format!

Not good - off to do some reading...

Thanks for the heads up

I'm a little confused. You ask to view your passwords and you complain when they are shown? Can you see anyone else's passwords?

Yes I suppose I am logged in permanently, it's my own computer in my own home and only I use it. No problem unless someone broke in and knew about this Firefox open door, but I think people should know that if someone can open your Firefox, then they can open your saved passwords too.
@ MHC -- I don't have a master password.

Create a user account and a master password for FireFox. At least then you won't have to worry too much about credit card details after the thieves have sold your computer.

Yes - I was surprised there is an option called 'Show Passwords' - especially as it's available (not locked) by default!

I was shocked that anyone passing my PC (it's in a home office so I haven't got a personal issue with this!) can display in clear text all my saved userids and passwords just with a couple of clicks.


I've just been doing some reading and it look like this has always been this way!
As I mentioned I'm not a FF user day-to-day.

I appreciate in IE you can read the encrypted passwords easily with some freely available s/w - but my 10 year old would find that harder to use but wouldn't have any problem with FF's implementation!

I've just played with 'Master Password' and it rather defeats the object for me as you still have to enter 'a' password. I don't think FF have thought this through very well - and it looks like plenty of others (when they realise how things work) think the same.