Some questions about saving passwords and security.

Crow550

Platinum Member
Oct 4, 2005
2,381
5
81
Is it safe to save passwords?

Also which is more secure, telling the site to remember you thus storing the password on a cookie or using Firefox's password manager with a master password and perhaps with Secure Login.

Using Secure Login: https://addons.mozilla.org/en-US/firefox/addon/4429 helps make logging into sites a 1 click process. Also offers "Activate JavaScript protection on login" for more protection.


Also Zone Alarm offers free eBay password protection. Just click Overview and go to Preferences.

So what would you recommend and what do you do?

Of course never using the same password is a good idea too and mixing it up with Caps, lowercase, numbers and symbols. Like: !+'$@$$k!ck!n6+!m3 which would be It's ass kicking time or 3-Ma!1+!m3 which would be E-Mail time. Just using these as random examples.

Let's see, not storing bank or PayPal passwords would be a good idea too.


What's your opinion?

Or is having login info saved just a bad idea and browsers shouldn't offer it?



 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
A site should not be saving your password in a cookie; if they are, their programmers deserve a nasty e-mail. What they will store is a unique hash that identifies your session with the server.
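An added example (not from any poster in this thread) of the scheme described in the post above: the "remember me" cookie carries a random token, the server keeps only that token's SHA-256 hash, and the password never goes into the cookie. The cookie name `sid`, the in-memory `SESSIONS` table, the 14-day lifetime and the sample user name are assumptions.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSIONS = {}            # assumed store: sha256(token) -> (user, expiry time)
TTL = 14 * 24 * 3600     # assumed "remember me" lifetime in seconds

def digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_remember_cookie(user, now=None):
    """Build a Set-Cookie value holding a random token, never the password."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
    SESSIONS[digest(token)] = (user, now + TTL)  # server keeps only the hash
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["path"] = "/"
    cookie["sid"]["max-age"] = TTL
    cookie["sid"]["secure"] = True      # sent over HTTPS only
    cookie["sid"]["httponly"] = True    # not readable from page JavaScript
    cookie["sid"]["samesite"] = "Lax"
    return cookie["sid"].OutputString()

def user_for_cookie(cookie_header, now=None):
    """Map the browser's Cookie header to a user, or None if unknown/expired."""
    now = time.time() if now is None else now
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "sid" not in cookie:
        return None
    key = digest(cookie["sid"].value)
    entry = SESSIONS.get(key)
    if entry is None:
        return None
    user, expiry = entry
    if now >= expiry:
        del SESSIONS[key]               # expired tokens are dropped
        return None
    return user

def revoke(cookie_header):
    """Log out: forget the token so a stolen copy of the cookie stops working."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "sid" in cookie:
        SESSIONS.pop(digest(cookie["sid"].value), None)
```

Because the server can forget a token at any time, a copied cookie can be invalidated without the user changing their password, which is not possible when the password itself is what the cookie holds.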
 

bsobel

Moderator Emeritus
Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: Crusty
A site should not be saving your password in a cookie; if they are, their programmers deserve a nasty e-mail. What they will store is a unique hash that identifies your session with the server.

He was clearly paraphrasing in his post.

 

Crow550

Platinum Member
Oct 4, 2005
2,381
5
81
I should have done some research first... I was trying to figure out how they remembered your login status. Now that I know. Again which would you say is more secure?
 

bsobel

Moderator Emeritus
Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: Crow550
I should have done some research first... I was trying to figure out how they remembered your login status. Now that I know. Again which would you say is more secure?

More secure, not having that cookie on your machine. Secure enough, depends on the application (for many I'd say yes if you have reasonable machine physical security)

 

Crow550

Platinum Member
Oct 4, 2005
2,381
5
81
So it would be more secure to not have the remember me selected when logging into a site and use a session cookie unless you have no account on the shopping site and you're adding items to your cart, then a cookie would be needed to remember items in the cart, unless you have an account then just a session cookie would do.

So having Firefox save the passwords and using a master password with the Secure Login addon with Activate JavaScript protection on login enabled would be better than selecting remember me when a site asks.

Of course typing passwords in every time would be the best measure.....Then again why offer to have passwords remembered if it's not secure?

 

Oakenfold

Diamond Member
Feb 8, 2001
5,740
0
76
Originally posted by: Crow550
What is all your opinions, suggestions and advice on this?

I'm no web application expert so I really can't comment on what Bill already has.
You need to determine what you are comfortable with doing. I personally look at it this way, your information is out there, it will be compromised at some point in time. It's not a matter of if, it's a matter of when. Because of the way I look at it I choose convenience over security, mind you I pay for everything with a credit card, not a debit card, check card or anything remotely attached to a bank account. I do use cookies and store passwords with the exceptions of financial websites, those are a must from memory for me or stored in an encrypted .txt file.

I really don't care if my credit card gets compromised, your liability is next to nothing or nothing depending on the issuer.

Using common sense and good computer user education is the best thing you can do. It sounds like you use A/V, you use a firewall. If you choose not to use cookies you will have additional authentication measures with some financial websites. This may or may not pose a problem for you depending on the additional authentication measures.

 

kh4130

Member
Jun 5, 2006
76
0
0
Like Oakenfold said -- I don't care too much if my card gets stolen. Can just get the charges reversed. However, it is a headache; that's why I don't try to POST my CC info much.

Security all depends on your comfort level. Any lock is unlockable. Security measures are just deterrents. If someone wants to find something hard enough they will get it, usually.

For storing passwords, I use a program called Password Safe. It stores passwords in an encrypted database. Maybe not the most secure thing in the world but it's better than forgetting passwords or leaving them in an unprotected Word/Excel document.
 

Red Squirrel

No Lifer
May 24, 2003
70,155
13,566
126
www.anyf.ca
I use a PINS database for all my passwords.

Though I'd be curious to know how secure that program REALLY is. Anyone aware of any ways that encryption can be cracked? (Not that I want to do it, just curious if it's easily done or not.)

Though encrypted or not, if someone gets ahold of the file, that alone is a huge problem on its own.