Use the Firefox password manager

It isn't perfect, but using the password manager built into Firefox is better than using duplicate passwords or storing them in a plain text file.

Last week, you might have read how ZF05 gives us one more reason to use unique passwords. From the article:

The key take-away from this, of course, is that you should never reuse a password between sites. Get yourself a good password manager application; you should only really have to memorize a handful of strong passwords, and store the rest in your password manager.

Keeping track of all those passwords can be quite difficult, however. I would know -- there are something like 150 different Websites for which I need to keep track of login information. It takes more than just a good memory to keep track of them all, and still maintain good password management practice.

The easy way to do it in Firefox is to use the browser's built-in password manager. Luckily, it is pretty simple to use.

Using the Firefox Password Manager

1. Tools > Options (or Preferences)

First, open the Options or Preferences menu. The image below shows the MS Windows version, through the Options selection located in the Tools menu. The Linux and BSD Unix versions of Firefox, on the other hand, keep basic configuration settings in a different location, through the Preferences selection located in the Edit menu. This article will refer to Options, because the screenshots were taken on the MS Windows version of Firefox.

2. Use a master password

Second, select the Security heading in the Options dialog. You should see a checkbox labeled "Use a master password". Make sure that checkbox is checked.

The "Remember passwords for sites" checkbox needs to be checked too, of course.

3. Change Master Password

Third, when the Change Master Password dialog comes up, you will have an opportunity to enter a password you can use to protect the rest of your passwords.

4. Password quality meter

Fourth, a "Password quality meter" will show Firefox's estimation of how strong your password is. Make sure it is a good, strong password, because you are going to use this to ensure that the rest of your passwords are safe. Passwords with a mix of both capital and lowercase letters, numbers, special characters, and even spaces, tend to be best, particularly when they are more than eight characters long.

A password you forget or have to store insecurely (in a text file or on a sticky note next to the computer) is not a good password, though, so make sure you choose something you will remember. The upside of having to remember a strong password for a password manager is that it allows you to have a lot more strong passwords without having to memorize them all.

5. Do you want Firefox to remember this password?

Fifth, when you enter login information at a particular Website for the first time, a band appears across the top of the page with a question on the left and some buttons on the right. The question it asks is "Do you want Firefox to remember this password?"

The buttons on the right are labeled "Remember", "Never for This Site", and "Not Now". If you select "Remember", of course, it will save the login information in the Firefox password manager for you. As long as you authenticate yourself with the password manager while using the browser in the future, it will fill in the login information for each Website for which you select "Remember" for you.

If you select "Never for This Site", it will not save the login information, and will never ask you again (or unless you do something to clear exceptions or settings for the password manager). If you select "Not Now", it will not save the login information, but will ask again next time.

6. Password Required

When starting Firefox 3.0, after setting up the password manager, a Password Required dialog appears, bearing the words "Please enter the master password for the Software Security Device." Firefox 3.5 doesn't bring up this dialog unless and until you open the login page for a site whose password you've saved.

7. Saved Passwords

If you want to see your login information, you can do so by opening the Saved Passwords dialog from the Security page of the Options dialog. When you open it, you will be presented with a list of sites and user names for those sites. In the screenshot here, nothing is displayed because I had not yet saved any passwords in the Firefox password manager.

If you wish to see the saved passwords themselves, you can click the Show Passwords button, and a Password column will appear beside the Site and Username columns.

8. Exceptions

Also in the Security page of the Options dialog is an Exceptions button. You can use this to manage exceptions -- to see what sites are barred from saving passwords when you click the "Never for This Site" button, and to remove exceptions from the list if needed.

Not Perfect

Because the Firefox password manager is part of Firefox, it could be regarded as one-stop shopping for security crackers and their malware. You would be better protected if you used a password manager external to the browser to save passwords; access the appropriate password in the password manager, then type or copy it into the site's login form yourself. Still, in absence of a separate password manager, this is better than using the same password across multiple sites.