How I manage my website logins (using Firefox)
This blog post describes how I manage my many website logins (usernames, passwords). I am very interested in how I can improve my current approach. I want it to be highly secure and highly convenient. Please feel free to add your comments and suggestions!
I try to use secure passwords for all of my web accounts, i.e. long random combinations of “special characters”, mixed case letters and numbers. They are usually so secure that I definitely cannot remember them.
So I let my web browser remember, manage and auto-fill my website logins. I use
- Firefox Secure Password Generator when creating new accounts
- Firefox password manager to remember the credentials, with master password
- “Allow Password Save” Greasemonkey user script to force some websites to allow this
- Firefox Sync to make all the remembered logins equally available on all my computers
- Firefox Secure Login extension for single-click logins (works on most major sites)
- Firefox Saved Password Editor to correct auto-detected login info where necessary
- Firefox Password Exporter extension for occasional password backups to an offline file
The approach works well and I never have to memorize my passwords. But my worries are:
- Is Firefox Sync data as secure as Mozilla claims it is?
- What can happen if malicious hackers gain access to the Firefox Sync servers?
- Is the Triple-DES encryption with cipher block chaining that is allegedly used for local password storage in the Firefox profile secure enough (especially given this long-standing bug)?
- Is it a bad idea to let Firefox even remember my online banking, Paypal and other sensitive passwords?