Just lock your computer. Also, use a hashing algorithm
to generate a separate password per web site - like the
one I keep on my home page: www.dymitruk.com
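An added illustration of the idea in the comment above, not the commenter's own tool (its algorithm is not shown on this page): a per-site password derived from one master passphrase with PBKDF2-HMAC-SHA256, so nothing is stored in the browser or on disk. The iteration count, output length, host normalization and rotation counter are assumptions made for this example.

```python
import base64
import hashlib

# Assumed parameters for this illustration; not taken from any tool named on the page.
ITERATIONS = 200_000
LENGTH = 16


def normalize_site(site: str) -> str:
    """Reduce a URL or host to a lowercase host name so variants map to one password."""
    host = site.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split(":", 1)[0]
    return host[4:] if host.startswith("www.") else host


def site_password(master: str, site: str, counter: int = 1) -> str:
    """Derive a per-site password; bump counter to rotate one site's password."""
    if not master:
        raise ValueError("master passphrase must not be empty")
    # The site name (plus counter) acts as the salt, so each site gets an
    # unrelated password and one leaked password does not reveal the others.
    salt = f"{normalize_site(site)}#{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    # Base85 yields letters, digits and punctuation; keep the first LENGTH characters.
    return base64.b85encode(raw).decode()[:LENGTH]


if __name__ == "__main__":
    # Constructed sample input.
    print(site_password("correct horse battery staple", "https://www.example.com/login"))
```

The master passphrase remains a single point of failure: anyone who learns it can recompute every site password, so it needs the same care as the desktop login discussed in this thread.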
Good point Roy. But if someone's already on your machine
in an enterprise environment then they've almost
certainly got access to your password (or you were
foolish enough to leave it unlocked) - in which case
they could do almost anything under your identity
anyway.
FYI - If you really want to get freaked out about this,
even if you choose to use a master password in Firefox,
all it takes is someone to come by and install Google
Chrome on your PC and import all the settings from
Firefox. When Chrome imports the settings from Firefox,
it imports all the passwords too.... which they can then
use to view the passwords. Creepy right? Well it gets
worse... you can do the same thing to Safari passwords
by installing Firefox... just import the settings from
Safari and abracadabra, you can view them in Firefox! So
none of them are safe when using this method...
The best option to use for any browser is the most
annoying: Don't save the passwords.
(NOTE: This was true about a few months ago when I was
doing some testing for IT on this specific feature
between browsers so I'm assuming it is still true which
I have no reason to believe any differently but I could
be wrong)
Patient: Doctor, doctor, it hurts when I stick my finger
in my eye. What should I do?
Doctor: Well, don't stick your finger in your eye.
...
Use whatever browser you want, just don't use saved
passwords.
I almost can't believe this coming from you, reasons
have been explained already in the comments
Don't save your passwords bozo. Better yet, maybe you
should just leave the computer turned off.
you gotta be kidding me...
maybe you *should* be using safari.. lol..
As others have said, don't save your passwords.
Auto-saving of passwords is the first feature I turn off
in any browser.
Surely your documents are there for anyone to see too?
And your pictures!
Quick, uninstall Windows!
Just don't store them in the browser :) I lock my system
even at home. It is just so normal to lock when I
stand up. If you are worried about a master password
then make sure that the files in which the passwords are
stored are encrypted in NTFS. This way, if an
administrator changes your password, he cannot
decrypt that file.
Your 'master' password should be your local desktop
password. I really hate it when applications have their
own password scheme implemented.
Why don't you simply tell your browser not to remember
passwords... and remember them yourself?
And there the trolls came...
he...
You're joking right? If you're worried about an unlocked
shared PC - don't store passwords there.
If someone has physical access to your machine, I think
you should have more to worry about than being able to
read your website passwords thru your browser of
choice...
Such a statement is acceptable from an average computer
user, but coming from a software professional and posted
in a blog which is supposedly visited explicitly by
other professionals?
Naah, you have to be joking ;-)
Like most of the visitors commented.. Why in this world
would you leave your session open for anyone? Just lock
it, it's easy. Between IE 7 is not bad in terms of
security and it's even faster than its previous versions.
Rule #1: never let browsers store your passwords. Being
a web-savvy person, you should know better. Enough
said... :-)
I think the language in your post is a little over the
top...a little alarmist. The risks you document are real
but they require access to your machine via other means.
This is not an internet-based exploit of any kind.
....seriously? what sort of buffoonery is this? Who
doesn't lock their computer? Who saves passwords on a
public computer?
Who saves their passwords in any file on their computer?
What are all the trolls blabbering about? It's true that
it is easy to extract a saved password from a form using
JavaScript for example, but what Chrome does is hand
you over a list of all the websites where I use a saved
password, and the password itself.
Like Roy, I DO want to use saved passwords, but I don't
want it to be a click away from anyone.
He is right. Bad Chrome!
A probably good way is to use the fingerprint software
to handle the passwords.
'leaving your computer unlocked is a security risk' :)
Roy,
Why not use a password manager like RoboForm or
1Password? They're integrated in the browser and your
passwords are encrypted on disk. More importantly you
can use the browser you like the most.
I have to disagree with people who think you should
remember all your passwords. Often those people have the
same password on each site and register with the same
email - how safe is that? For most sites I generate
impossible passwords and back them up encrypted.
Roy, I think the feature's purpose is to make it easier
to enter to "not so important" web sites (such as news,
maps, intranet sites, weblogs.asp.net :-), etc.) where
the worst thing a "criminal" can do is write a comment
on your behalf, upgrade your vmware player version,
download a bike trek to his gps device, etc. I am sure
(and hope) that you do not use this feature to save your
PayPal's password or your bank account's, otherwise no
super master password will prevent the potential thief
from buying a nice 50'' LCD if you leave your PC
unlocked.
I think that Google should add a message that says,
"saving important passwords can ruin your life..." or
something. At least for me this feature saves a lot of
time.