David E. Ross wrote:


Enabling the use of a master password causes the Password Manager's
database to be encrypted.  The master password itself is not stored on
the computer and should exist only in the user's head.


Yep. And I think there are a lot of developers who don't have enough experience with Mozilla browsers to even know about the master password, or encryption of the password store.

Prior to the complete implementation of the capability to save and use
passwords for Web sites that try to prevent such actions, I examined
several non-Mozilla password management tools.  Some saved the passwords
in the cloud, a point of vulnerability.  Others were vague on how they
secure the password database.  I decided that using the Mozilla
Toolkit's Password Manager provided me with more comfort than those
non-Mozilla tools.

This is the same kind of issue as with cloud storage of other data. It comes down to how key management is done. If it's a true zero-knowledge setup, where the data is client-encrypted before it ever touches an Ethernet connection, then it's pretty safe.

I do make use of KeePass, and because I can interact with it completely off-line, I know that it's safe, and at the same time, I'm not opposed to keeping a copy of that data in cloud storage (even if I would prefer not to).

By my study of LastPass, I'm inclined to believe that it's also zero-knowledge (and where LastPass doesn't have access to the encryption key), although they're too aggressive about synchronizing storage to their servers, for my preference.

I do make some use of the Mozilla password manager (with encryption), and there are places where it makes my work easier. However, with KeePass, I like the extra capacities that it provides, such as a password generating tool, the ability to keep notes, and that passwords aren't browser-specific or profile-specific. And with notes, I can track other things relating to authentication, such as email and postal addresses, phone numbers, etc. Notes also allow me to track questions and answers, and thus, not only are nearly all of my passwords as long and as random as I can make them, but it allows me to supply answers to questions that are non-obvious, if not entirely nonsense.

Smith


_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
