Hallo,
I am running into an Issue here while deploying a cfg file i can't find the right config option to fully disable all password imports from other browsers, i think it es very unsecure to be able to import passwords from a diffrent browser and show them in clear text after that. I don't want to forece a Master Password as this would require everybody using Firefox to set one. can anybody think of a solution to this problem ? or maybe knows the correct config value to edit?
regards Oliver
Saved Passwords
-
- Posts: 146
- Joined: July 1st, 2010, 10:18 pm
- Location: Blenheim, Ontario, Canada
Re: Saved Passwords
I rebelled against browser password management about a decade ago; my Fx is set to Not remember passwords. With browser developers, there are many priorities and passwords are not always top of the list.
I've been quite happily using KeePass to keep my passwords safe, unique, and complex. (my default is for length 32) It can also auto type them. I'm the only user here, but you can set up a database for as many users as you want. When you close the database, they are encrypted.
As well it's fully offline, which I feel is safer. I do, of course, keep multiple backups of the database on multiple media!
I've been quite happily using KeePass to keep my passwords safe, unique, and complex. (my default is for length 32) It can also auto type them. I'm the only user here, but you can set up a database for as many users as you want. When you close the database, they are encrypted.
As well it's fully offline, which I feel is safer. I do, of course, keep multiple backups of the database on multiple media!
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: Saved Passwords
No idea if this is right, but...
EnableProfileMigrator=0
?
Or maybe there is some importSignons like setting?
EnableProfileMigrator=0
?
Or maybe there is some importSignons like setting?
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
-
- Posts: 3
- Joined: January 9th, 2018, 7:34 am
Re: Saved Passwords
@TrueFaclon
Same here, i use keepass which is fine but, my Problem at Hand
I can't find a way to forbidd via the Mozilla.cfg file to Import any Passwords i already have
lockPref("signon.rememberSignons", false);
lockPref("signon.prefillForms", false);
in the cfg file but sadly it is still possible to Import all Passwords from other Browsers which i think is a huge security risk within itself.
it liturally takes me about 5-8 seconds to get all the Passwords and make a quick photo with my cellphone or so...
@therube
i think with EnableProfileMigrator=0 you talk about a about:config entry is it a boolean or int?
all the Import Signon Setting had no effect on the Password improt what so every
Same here, i use keepass which is fine but, my Problem at Hand
I can't find a way to forbidd via the Mozilla.cfg file to Import any Passwords i already have
lockPref("signon.rememberSignons", false);
lockPref("signon.prefillForms", false);
in the cfg file but sadly it is still possible to Import all Passwords from other Browsers which i think is a huge security risk within itself.
it liturally takes me about 5-8 seconds to get all the Passwords and make a quick photo with my cellphone or so...
@therube
i think with EnableProfileMigrator=0 you talk about a about:config entry is it a boolean or int?
all the Import Signon Setting had no effect on the Password improt what so every
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: Saved Passwords
(I'm getting beyond myself, but) it seems it would go into override.ini.
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
- RobertJ
- Moderator
- Posts: 10880
- Joined: October 15th, 2003, 7:40 pm
- Location: Chicago IL/Oconomowoc WI
Re: Saved Passwords
That would require 1) physical access to the machine and 2) knowledge of the user account name/password for starters. Then 3) it assumes that the passwords are not locked on the other browser(s).Olivervk wrote:sadly it is still possible to Import all Passwords from other Browsers which i think is a huge security risk within itself.
it liturally takes me about 5-8 seconds to get all the Passwords and make a quick photo with my cellphone or so...
Not much of a security risk unless your machine is stolen and you are dumb enough to not secure your sensitive information.
.
FF 92.0 - TB 78.13 - Mac OSX 10.13.6
-
- Posts: 3
- Joined: January 9th, 2018, 7:34 am
Re: Saved Passwords
@RobertJ so there is no way of fully disabeling the Password save?
- RobertJ
- Moderator
- Posts: 10880
- Joined: October 15th, 2003, 7:40 pm
- Location: Chicago IL/Oconomowoc WI
Re: Saved Passwords
It wouldn't make a difference since the user of the machine can always re-enable it.Olivervk wrote:@RobertJ so there is no way of fully disabeling the Password save?
.
FF 92.0 - TB 78.13 - Mac OSX 10.13.6