Browser Password Saving

[kemosabe]

With the Firefox 1.0 browser, I get prompted to save my username and password with this dialog box:

[kemosabe]

In Internet Explorer 6.0, I get a similar dialog box:

[kemosabe]

Question -- how safe it is to let the browser store such information (and I don't mean from another person sitting at the same computer -- I'm referring to a computer hacker attack from the internet)???

[shellebelle]

Using it with Mozilla is fine for regular stuff. My dad (iglesias) recommended I use it, and he deals with viruses and hacks all day. He'll have to answer the question whether or not it's safe from hackers. I don't, however, use it to store any passwords for things like my PayPal account or online banking.

Don't trust Internet Exploder with anything.

[MPSpecter]

Never felt comfortable about storing passwords to any financial institution in the computer. To many hacks out there. Better be safe than sorry. But for normal sites, It's not that bad, very convenient.

[iglesias]

Quote:

Originally posted by kemosabe
Question -- how safe it is to let the browser store such information (and I don't mean from another person sitting at the same computer -- I'm referring to a computer hacker attack from the internet)???

For sites like hondapilot.org, saving the user/password is not a big deal. It's stored as cookies
and it appears that hondapilot.org encrypts it (no telling how good the encryption is though).
All someone could do with your hondapilot.org login is post nasty stuff that would offend people.

I would never, ever, store any passwords to any financial institution or any site that has any
control of any money or credit cards or ... on any computer anywhere. Just say no! (or in
Firefox/mozilla, say "never for this site").

There are lots of Windows-specific worms out there that give attacker all kinds of control over and access to
everything on your system. They can install files, retrieve files, etc. Believe me, you don't want this.
Your system could become one of the thousands of bots (robots) waiting to be used to attack other systems
or be used to perform a denial-of-service attack on Yahoo, EBay, etc.

If you want to keep the cretins out of your system, I'd suggest a cable/dsl router/firewall. I use a
Linksys, D-Link, SMC, and others make them as well. This will prevent any probing of your
system from the outside, which is how most of the worms propagate themselves. You could use
software firewalls, but there may be a window where the networking on the computer is running but the
firewall is not, leaving you open to possible attack.

And keep your system up to date with patches from Microsoft (or Apple, or your Linux vendor, etc).

[shellebelle]

Quote:

Originally posted by iglesias

For sites like hondapilot.org, saving the user/password is not a big deal. It's stored as cookies
and it appears that hondapilot.org encrypts it (no telling how good the encryption is though).
All someone could do with your hondapilot.org login is post nasty stuff that would offend people.

I would never, ever, store any passwords to any financial institution or any site that has any
control of any money or credit cards or ... on any computer anywhere. Just say no! (or in
Firefox/mozilla, say "never for this site").

There are lots of Windows-specific worms out there that give attacker all kinds of control over and access to
everything on your system. They can install files, retrieve files, etc. Believe me, you don't want this.
Your system could become one of the thousands of bots (robots) waiting to be used to attack other systems
or be used to perform a denial-of-service attack on Yahoo, EBay, etc.

If you want to keep the cretins out of your system, I'd suggest a cable/dsl router/firewall. I use a
Linksys, D-Link, SMC, and others make them as well. This will prevent any probing of your
system from the outside, which is how most of the worms propagate themselves. You could use
software firewalls, but there may be a window where the networking on the computer is running but the
firewall is not, leaving you open to possible attack.

And keep your system up to date with patches from Microsoft (or Apple, or your Linux vendor, etc).

[krygny]

Quote:

Originally posted by iglesias

For sites like hondapilot.org, saving the user/password is not a big deal. It's stored as cookies ...

On sites like this, the password is not stored as a cookie. There are only a few cookies for identification so that when you return, you don't have to sign back in. I haven't signed in or out of this site in months (like since the last time I updated my browser).

I don't see any specific problem with having the browser store passwords, but I don't do it. It's not that big a convenience and I don't want to find out later about a vuln. I do, however, have Firefox store field information; I find it to be a big convenience. But I have to clear it all out once in a while; it gets a little too "presumptuous".

[iglesias]

Quote:

Originally posted by krygny

On sites like this, the password is not stored as a cookie. There are only a few cookies for identification so that when you return, you don't have to sign back in. I haven't signed in or out of this site in months (like since the last time I updated my browser).

Ok, I see. I saw two cookies from hondapilot.org, "bbuserid" and "bbpassword", so I assumed they were the userid and password. Thanks for the clarification.

[kemosabe]

Quote:

Originally posted by iglesias
[ S N I P P E D ]
If you want to keep the cretins out of your system, I'd suggest a cable/dsl router/firewall. I use a
Linksys, D-Link, SMC, and others make them as well. This will prevent any probing of your
system from the outside, which is how most of the worms propagate themselves. [ S N I P P E D ]

iglesias: What do you think (or know) about the Netgear MR314 Cable/DSL Wireless Router???

[iglesias]

Quote:

Originally posted by kemosabe


iglesias: What do you think (or know) about the Netgear MR314 Cable/DSL Wireless Router???

I haven't heard anything about that one. I have an older Linksys without wireless (I have a separate wireless unit), and
someone at work has a SMC Barricade, but I don't remember if he got one with wireless or not. That router doesn't appear
to be a current product, and it has 802.11b wireless. 802.11g wireless is faster and downward compatable with 802.11b.
If your laptop or other computer can do 802.11g, you'll get faster transfers with it. Something to look for if you're buying new equipment.

Wireless is great, but unless you want to share it with your neighbors, their kids, and whatever is infecting their computers,
be careful when you set it up. If you aren't, anyone nearby will be able to use your network connection, and if their computer is
infected with something, pass it on to your computers. There are a lot of homes near me with wireless, and I bet I could
connect to at least 50% of them without trying hard.

I'm sure by now some of you think I'm some kind of paranoid whacko, but I've seen so many systems where I work compromised
because people don't pay attention to things they should pay attention to. The students are back from Christmas break, and
I can tell a bunch of them got new computers for Christmas. How? Because they got infected with whatever is running around the
dorm network (which is a complete cesspool of worms, viruses, etc).

[shellebelle]

Quote:

Originally posted by iglesias
I'm sure by now some of you think I'm some kind of paranoid whacko...

Think? I KNOW!

[krygny]

I love Linksys stuff. Browser configurable, pretty near bullet-proof right out of the box, and well supported. I've upgraded the firmware in mine a number of times. Once in a while I enable logging just to see who's knocking. You wouldn't believe all the nasties out there.

Would you like to know how vulnerable your computer is to network attack? Go here and run the Shields Up tests. (Scroll down under "Hot Spots".) Great site for geeks.

http://www.grc.com/default.htm

[kemosabe]

Quote:

Originally posted by krygny
I love Linksys stuff. Browser configurable, pretty near bullet-proof right out of the box, and well supported. I've upgraded the firmware in mine a number of times. Once in a while I enable logging just to see who's knocking. You wouldn't believe all the nasties out there.

Would you like to know how vulnerable your computer is to network attack? Go here and run the Shields Up tests. (Scroll down under "Hot Spots".) Great site for geeks.

http://www.grc.com/default.htm

Interesting site with good info... I ran the File Sharing and Common Ports tests and the results were interesting, to say the least!!!

[kemosabe]

Latest results from the File Sharing test are promising...