Everybody has probably heard about this before, but it’s worth repeating: Firefox’s storage of passwords is not secure!

Saved passwords are not safe if you do not create a master password. If you use Firefox and you want to see for yourself, go to Firefox’s Preferences, visit the Security tab, and press the Show Passwords button. This will show all your passwords in plain text for anyone to see.

Anyone with physical access to your computer or running a malicious script on it can easily harvest all of your passwords! You could certainly add a master password to obtain some protection, but it wouldn’t be a wise choice: if you want to look up a password, Firefox helpfully shows all of them at once, the perfect situation for any shoulder surfer.

This problem is further aggravated by remotely syncing your Firefox settings and private data across several computers. Google Browser Sync does exactly this. Are you sure that those other computers are secure? Can anyone grab those unprotected copies of your bookmarks, history, persistent cookies, and saved passwords?

Autocomplete and syncing are nice and convenient features, but they can lead to severe security and privacy consequences. Here are my suggestions for your settings on Firefox 2:

• Preferences > Privacy > History - Uncheck “Remember what I enter in forms and the search bar”.
• Preferences > Privacy > Private data - Check “Alway clear my private data when I close Firefox” and check all type of data in the related Settings pane.
• Preference > Security > Passwords - Uncheck “Remember passwords for sites”, uncheck “Use a master passwords”.

and, most important

• Use an online password manager!

If you can’t wait for the official launch of Clipperz online password manager … there are several alternatives.