Do you rely on the master password in Firefox to protect all your login information? That could be a very costly mistake if your computer is ever stolen. Anyone with a password cracker of which there are several on the web, could using a brute force attack obtain your master password from your machine. They would then have access to all your login information for any and all accounts stored. I’m not going to list any of them here, you can find them using “firefox password crack” or “firefox password recovery”
Then there is the ongoing saga of security vulnerabilities, such as the cross-site Reverse Cross-Site Request (RCSR), highlighted some time ago, many of which are as yet to be completely resolved.
So, what is the answer?
Well, you could opt for a system like Passpack, which now comes as a standalone downloadable system and was reviewed here previously, or you could try Clipperz, which apparently has some unique features that make it better in some ways and not so good in others. It’s a difficult call.
If you are worried about the RCSR issue, you could use Opera instead of Firefox. Opera has a built-in password manager that is similar to that of Firefox but with one important difference, the Opera Wand login does not prefill login form fields by default so that an automated attack cannot get to your prefilled login fields, because they are empty! Of course, you may be happy with Firefox for all sorts of other reasons, and now you can get the Opera login functionality within your favorite browser with a Firefox Extension.
According to CIS, in 1999, two documents were published by Internet standards organizations that described Web password protocols as “unacceptable for any application,” and “not considered to be a secure method of user authentication.” These protocols are still being used today by all websites.
There is no simple answer, just as there is no single answer to home security. You could easily lose a key be compromised. If someone wants to get in to your property they will. Maybe someone should invent a security alarm for web browsers, at least that might deter the casual hacker.
by David Bradley
Actually is Clipperz, not Passpack, that comes also as a "standalone downloadable system" (open source too).
Read more about Clipperz Community Edition here.
Marco
Clipperz co-founder
Could you link it to this blog the address