BD Wallet vs Firefox Password storage

I use FF and recently have changed my AV to Bit Defender. BD has Wallet which is a password manager. FF also managed passwords.

Is there any reason that Wallet is more secure than the password manager in FF?

Thanks,
Jerry

 

Hey Jerry,
there is malware which have the ability to Steal passwords from browsers.
I prefer to use an offline standalone password manager and In my case I use keepass.
I have no experience with bitdefender password manager so no idea how good or safe it is.

 

Thanks, Lodore. I did find this on the BD forum.
Quote: "That’s why Bitdefender has created Wallet, a utility that ships today with the New Bitdefender. This virtual wallet can be used to store bank account numbers, PINs, credentials for websites, e-mails, subscriptions, applications or wireless networks, keeping all sensitive data together and encrypted in a single location locked with a master password." End Quote

It sounds good, but I admit my own ignorance regarding such things. I do not know if the password managers by the browsers are encrypted or not.

Regards,
Jerry

 

IMHO, how secure or not is a password manager is a matter of trust between the user and the developer. One can only review the feature set advertised, poke the forums and reviews if any, and make a decision.

A password manager could be anything from a password protected text file you open as needed and you read/type your login strings to an app where you click on the My Walla-Walla Bank Account item you created and the next thing you see is your accounts home page in the default browser or one of proprietary association.

I'm surprised the merits and drawbacks of stand-alone, integrated, plug-in/extension, Web/cloud based, etc. etc. solutions aren't self-evident or otherwise readily researched and simply concluded to by a Wilders Massive Poster.

Anyhow, in Firefox to the best of my remembrance, passwords are stored in the signons.sqlite file, triple DES CBC encrypted via the key3.db file unique to its profile if you enable Use a Master password... in Options. I can't say for Chrome or Opera or IE, but how stupid would that be if their password stores weren't encrypted and as such the subject of long term well-known universal scorn?

FWIW, I run the freeware FlyingBit Password Keeper, portable from a switch-locked USB stick. (The developer's online presence is currently in revision, so Softpedia is the preferred source.)

Personally, I wouldn't run anything where my password store point is in the cloud but if my mobile needs were more complicated I might re-align that opinion.

That quote from the BD forum doesn't say anything about where your data are stored or what encryption is used. You should search engine of choice on that.

And then there's that https encryption/certificates gorilla-in-the-room...

Good Luck and Cheers.

 

Here's just a couple of software that can fish (steal) passwords out of Firefox:
http://www.softpedia.com/get/System/Back-Up-and-Recovery/Firefox-Password-Recovery-Tool.shtml
http://www.softpedia.com/get/Security/Password-Managers-Generators/Firefox-Password.shtml
I'd go with Bitdefender Wallet, or LastPass, Sticky Password Pro.

 

Certainly, each application (web-browser and storage manager) comes with inherent security risks and adds to the users attack surface area. What we can say for certain, is an internet facing application such a web browser is at much greater risk of attack. In general, companies generally don't have the best track record when it comes to data protection. I'd be hesitant about trusting cloud and browser based storage solutions. Especially about relying on the encryption services they provide. If you must transport or store confidential information, than keep it stored on a non-networked device. You should always keep the data encrypted (not in plain-text), and only connect to it as needed. The portability of these devices put your data at even greater risk. One of my older MP3 players could act as a portable storage device, when switched to data storage mode. This had be thinking about re-purposing other stuff for password storage on the go.

 

I wonder what happens when your Bitdefender subscription runs out and you don't wish to renew? Can you no longer use Wallet? If not, then I don't think I would spend the time entering all this information into Wallet.

 

I don't enter info into Wallet. I go to whatever sites as I normally do, sometimes with passwords saved by FF, and Wallet takes care of remembering the passwords as I have "checked" that option.
I do have a 2 year subscription so that will be far in the future if I don't change AVs. So far I like BD so well I am not thinking of changing.

Jerry