Browsers: Protecting Stored Passwords

Web browsers can store login passwords so the user does not need to type them for each website. However, this creates a degree of risk from the following scenarios:
- Another user physically or remotely accesses the machine while it is logged in;
- Malware runs on the machine and can exfiltrate the passwords; or
- The machine is stolen and the passwords can be retrieved from the disk (where BitLocker is not used, for example).
These risks can be mitigated by adding a password for the password database.

Firefox
- In the address bar, enter:
about:preferences#privacy
- Scroll down and enable Use A Primary Password.
Firefox will prompt for this password in each new browser session, so it needs to be something that can be remembered and easily typed, but long enough to resist brute-force password-cracking attacks. For example, "I live in Adelaide!" or "Running Up That Hill".
- For maximum security, close the browser when not in use so the password and decrypted password database do not remain in memory.