this post was submitted on 10 Feb 2024
93 points (96.0% liked)

Firefox

17942 readers
3 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 

I'm just scared that they're saved with reversible encryption on the disk, then malware could steal them

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 2 points 9 months ago (1 children)

And honestly, that's the 80% of the 80/20 trade-off for security vs practicality. If you use a different password for each site, you're protected from the most common attacks (password dumps). The rest of the measures you could take are just optimizations on the last 20%.

If you have a solid backup plan for if you get hacked (e.g. only use credit online), you're probably fine. Most likely, you're not going to get your browser password manager scraped, because that means you need to both get malware, and get the type of malware that knows how to scrape browser password manager data. If it's protected by a master password, it's incredibly unlikely you'll get hacked unless it's a targeted attack.

But if you want to go the extra mile, you can close a lot of that 20% with a few extra measures. It's up to you how far you choose to go.

[โ€“] [email protected] 1 points 9 months ago

That all sounds good to me. Good clarification.