Chrome, Firefox expose passwords in plain text, Internet Explorer does not!

17 Comments

  1. I think that this is a good thing it as it shows users that their password aren’t really secure. You forgot to mention the fact that the password won’t be shown if the user has a master password in which case Firefox will “encrypt” them using that password. If user doesn’t know enough that they write their password under their keyboard or store it on plain text on the computer in a text file, they will never be secure. Now regarding the fact that giving someone your laptop to someone for 2 minutes, if the password is stored, they could access their account anyways and if they have access to the stored e-mail password they could even reset the password using an e-mail then change the e-mail address. You article seems very biased to Microsoft.

  2. In practical application:
    Firefox encrypts against a master PW when present.
    Both IE and Chrome encrypt against the Windows profile/login password.

    The argument that because IE doesn’t offer a native password manager it is more secure is a stretch at best.

  3. The reason people save passwords is to prevent them from recollecting/remembering passwords from time to time. Add that to the woes of remembering a master password in Firefox.

    Having been used Chrome more than Internet Explorer , I dont feel this is a biased take favoring Microsoft. It shows how a common user who is not any Web developer/geek can interact with a respective internet browser w.r.t saved passwords.

  4. It really depends on your perspective, I suppose. I only allow browsers to save my passwords on computers I trust to be secure (currently only my desktop at home). Any other computer I wouldn’t let it save my password anyway, so this isn’t a security issue to me.

  5. After reading through, I felt this article is just way too biased and shows total lack of analysis. In my opinion its more like IE’s lack of feature. you cant just say IE9 not revealing passwords “is a safety” feature simply like that. It sounds biased. Considering just few points,

    1. Both Chrome & Firefox offers easy access to passwords in-case if you forget the password. most users need this, as they set “remember passwords” and forget it forever. and this feature also lets you protect it by a MASTER KEY again.

    2. Both browsers offers security in master level. A Master password in firefox and User profile login in Google Chrome. So its user’s flexibility how much security he needs, he can lock it at level 1, 2 or 3.. or even leave it completely insecure if he believes he will be the sole user of that PC Account.

    3. Windows User account password is another level of security. and you dont go around letting people use your personal computer’s user account unless you are not trusting that person. Like in real life, we dont let robbers sleepover at our own house. people who wants your password will definitely try to get them anyways, nevertheless.

    4. Any given Windows user account has complete logical access to the password database, of any given browser by any number of ways, directly or indirectly. Therefore, if an unauthorized user has logical access to the computer, and the account is logged in or it is not password protected, the attacker can abuse account privileges, and illegitimately use passwords. Logical access can be obtained by having physical presence (walking up to the computer) or by using remote access client (VNC, Remote Desktop, etc.)

    5. And for geeks and paranoid security freaks, you can always go a further step ahead in firefox, You can make the stored password encryption FIPS 140-1 compliant by using an alternate security module. “Tools > Options > Advanced > Encryption > Security Devices > Enable FIPS”. This improves the encryption strength and makes it more difficult for guessing programs to open the encrypted passwords database. (Federal Information Processing Standards Publications (FIPS PUBS) 140-1 and 140-2 are US government standards for implementations of cryptographic modules—that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations.)

    Considering all this, This article shows complete lack of analysis, and judging “security” based on a bird’s eye view isnt cool.

  6. OK – So now what it means that to protect my passwords in Firefox and Chrome, I need to create another (Master) password! Simply Not Done!

  7. A good password manager will disable the PM the browsers build in. Never tried Firefox’s Master Password because I use Lastpass cross-browser password manager. Internet Explorer 9 is more secure but Firefox is the worlds best browser.

  8. The saved passwords are secure, when Master password is set….but somehow i always forget passwords, so it was helpful to me to check it out….but again, i have set master password on my browser…anyone trying to view saved password should know my master password…..so to my point, they are totally secure!!!

  9. I really wish this particular writer would focus more on facts rather that constantly trying (and failing) to prove IEs superiority as a browser.

    First off, when the master password feature is used in Firefox, the passwords are not displayed in plain text, but are available to the owner if needed. Kind of a handy feature if you purchase a new computer and need access to the passwords stored in your old computer.

    Another advantage is that you only need to remember a single password to access all of your favorite websites…and all those stored passwords.

    Secondly, when the master password is used in Firefox, programs like WebBrowserPassView from nirsoft.net will not successfully display the password stored in the browser. The same cannot be said about IE because such password programs have no trouble at all displaying the passwords stored in IE…and there is no option to prevent it.

    So in reality, and despite what this extremely IE biased article suggest, when Firefox is set up properly it is much more secure (and convenient) than IE in terms of passwords.

  10. I Love Firefox and Im used to it since then 😉
    but I dont use save passwords in firefox, instead I use cookies 😀

  11. That’s why we have Lastpass. But its also why I love Firefox, i always can easily find out my friends’ passwords. And I have a password on my account.

  12. I totally agree with William. You should save passwords only on computers which you trust. BTW, both Firefox and Chrome options of saving passwords have their advantage when we forget passwords and frequently use some forums or websites. On the other side, IE offers a complete security from the start which is good. Finally, it depends on how you use your computer and what your needs are.

  13. In IE, you can go to the website of which you’d want the password, and when the password is filled in type into the address bar

    alert(document.getElementsByName(“password”)[0].value);

    which will give you a nice popup box showing the filled password. Storing passwords is never safe. If that doesn’t work, check the name of the password field and use that instead of ‘password’

    Conclusion: if you don’t want others to get your passwords, only store them on a pc you trust.

  14. bad review, just sore a master password in firefox, and will need password to get into passwords

Leave a Reply

Your email address will not be published. Required fields are marked *


8 + 3 =