I was just poking around in Firefox options and noticed that under the Preferences -> Security -> Saved passwords there’s a small box that says “Show Passwords” …and bada bing, there are all of my saved passwords in Firefox.
I find this appalling.
I’m well aware that these passwords are easily retrievable anyway by virii (which then send the information out to the virus author’s FTP for their retreival), scripts, add-ins, etc., but never did I know that any Joe Schmoe with access to my browser could just go and instantly see all of my passwords. And yes, Joe Schmoe shouldn’t really have access to your computer, but things happen. A friend may come over and need to use your Firefox. Or a co-worker may be flying out who needs to print their boarding pass.
I dug a little deeper and didn’t really discover anyone that was overly outraged by this.
I even came across one blog where they posted an even easier way to retrieve your saved passwords:
-Go to a web site with a password saved (log out if you’re logged in) and get to the page where it’s showing your user name and saved password.
-In your browser URL bar copy/paste the code from this article.
Voila, your password for that site is revealed.
I imagine this presents some interesting security implications in the corporate environment.
And worse, I don’t see any way to disable this feature to show the passwords. Yes, I could just not save any passwords. And yes, you could set a master password for the browser, so that anyone opening the browser is prompted for a master password (but if someone needed to borrow your browser, you’d probably enter the password for them in this case.)
If Microsoft had such a button, people would cry out that it’s a security problem. Why does Firefox get the free pass on this?