Saved Form Information and Passwords should be erased?

My XeroBank/Firefox browser is configured this way:

Always clear my private data when I close Firefox:

Browsing History
Download History
Cache
Cookies
Authenticated Sessions

These options are unmarked / were not selected / activated:

Saved Form Information
Saved Passwords

Also, these options are enabled:

Accept cookies from sites - Keep until I close Firefox.
Remember what I enter in forms and the search bar.

I was wondering why XeroBank have all options enabled, since we can't fill all password fields if we are using strong and different passwords, and even different usernames. Also, it is not wise to fill all over again the same data used before in all forms.

Why we should bother if passwords and form informations are being recorded by Firefox, if he is not being used by someone else (including our machine)? If I am recording these informations, they may represent a threat to my privacy, and my wish to be anonymous? I mean, cookies can trace you back to where they came from. Saved form informations and passwords can do the same?

 

With Internet Explorer it's not advised to save passwords etc..
(I read that when I started surfing).

With Opera,Firefox, and K-Meleon I usually save the passwords and usernames.These are for forums and non-financial websites.

I clear history,search info and that type of data when I close the browser.

 

Jim,

The reason saved form info and passwords are not kept, by default, is because yes, those informations could reveal information about you or allow people coming along after you to get into your account.

The problem is that Mozilla does not protect the logins and passwords by default, they are stored in a file and merely converted to base64 encoding. In order to protect them you have to enable a master password. However, I am unable to distribute XeroBank Browser while having a master password already set and secured for multiple reasons. The smart thing to do is to enable master password and use that, OR, don't save your passwords at all. Nothing in between.

 

Steve,

wait, let me set things straight.

Unless our computers are being shared with other people (that's not my case), I see no reason to erase all form informations and erase all usernames and passwords. I am using different passwords (strong passwords, not easy ones, like my birth date or my dog's name).

Therefore, it's impossible for me to remember each one of them (unless I have a single .txt file with all these informations. So, I will have to open this file and select my passwords (control +C and control + V) and fill all forms, all over again (I don't know what kind of software can do that).

Even if all passwords and usernames could be stored and sent by this software, I still need all form informations, in order to keep using many websites and saving a lot of time. This network is slow, so, any ways of saving time will be appreciated (and indeed, necessary).

I was asking why XeroBank/Firefox doesn't have these options disabled by default:

Always clear my private data when I close Firefox:

Saved Form Information
Saved Passwords

Like I explained, unless you're not the only one who is using your computer, there's no reason to cover all these informations. If this is the only reason, they should be disabled by default. Don't you agree?

Unless some websites could identify a hidden file stored on your hard drive with all passwords and form informations and therefore, identify you, like they do with cookies. That should be a good reason, in my opinion.

This is not acceptable, either, if you're willing to have a single/master password, you're not secure (I am not talking about our wish to be anonymous). We should have a dozen of different and strong passwords, and usernames. I can't remember, at all, even the password used to log on this board.

As for the IE passwords, they never work right for me (sometimes my browser didn't save passwords). By using some programs you may reveal all passwords stored on your IE (try Data Doctor Password Recovery). Again, I see no reason to erase any passwords stored on our own machine.

 

I disagree. In your particular instance, you can disable them; but it would be a very poor idea to have that setting disabled by default. Many people, I should think, don't trust the computers they are working on. They could be spying on them from whatever cyber-cafe. The owner or someone else could have a bug on the system, reading through that user's files. It is not acceptable to leave logins/passwords around in plaintext on an untrusted environment.

I suggest you try KeyPass, a password wallet that can learn to input your passwords into form information. It controls all your passwords from an encrypted database file.

I see it a little differently: I see no reason to ever store any plaintext passwords, even on my own machine.

Then again, my concerns aren't just anonymity. If you trust your computing environment, trust it. If you don't, then don't store sensitive data on it.

 

I was talking about our own machine, not shared computers.

I agree with you - it's pretty obvious no one should and can trust on other machines, instead of your own.

Your company is capable of verify every single bit of information you have accessed on their machines. More than that, I think it's a very stupid idea to trust on any machine not managed and verified by yourself, all the time.

In my case, I do not share my computer with anyone else. Not any member of my family, anyone at all. My passwords are available to my eyes only, and to my computer.

I checked KeyPass, like you suggested. He is not very helpful. His only good resource is to protect all your passwords. However, he is not capable of auto-complete the forms (usernames and passwords) on Xerobank, Firefox and IE while you're accessing your websites (like this board).

KeyPass is able, while he is running (not minimized and sleeping on your tray, you must tell him to perform this action), to send your password to clipboard, and that's all. I see no use for him, at this time.

You're missing the point. We are able to hide every sensitive informations, such as passwords and usernames.

It's just the price you pay for being paranoid (unless you're chased and wanted by the police) that is very high.

I am willing to use XeroBank in order to be anonymous, what I am not willing to do is lose a couple of minutes instead of seconds just to make a simple login, considering it's already not too easy (and fast) to surf this way.

 

Jim,

KeyPass can detect your forms and fill them in, I had thought. I'll check it again, perhaps that was some other wallet.

Regarding the safe environment, I think we'll shortly be able to solve that with xB Machine with the bootable option, that way your concern in foreign computing environments is hardware and physical spying issues.

Steve

 

Oh-oh. Torrify, check this out:

http://www.heise-security.co.uk/services/browsercheck/demos/moz/pass1.shtml

Now I am worried. Noscript was enabled (and also Java/Javascript inside Firefox) and this website was not allowed on whitelist. And even this way, after I saved the login and the password, they were showed again on the evil page!

OK, here's the solution:

https://www.wilderssecurity.com/showpost.php?p=1045801&postcount=2

You should include this plugin on Xerobank. It's very nice.