With patience akin to a cat's, Barry Edwin Gilmour, on 12/21/2008 6:52 PM typed:
D. K. Kraft wrote:
Among ZDNet's blogs for 12/15/08 was this posting: "Major Web browsers fail
password protection tests" (http://blogs.zdnet.com/security/?p=2305). The test
in question was performed by Chapin Information Services, and the full details
can be found here: http://www.info-svc.com/news/2008/12-12/
The tests were performed on Firefox 3.0.4, Opera 9.62, IE 7.0, Safari 3.2, and
Google Chrome 1.0. Both FF and Opera fared the best with an overall score of 7,
but they still each failed 13 of the 20 tests. I'm wondering where SM stands in
this testing, given the current version of Gecko and the associated password
vault/wallet. I've not worked with FF 3's version of password manager, but I
assume it has an encryption function similar to SM's master password, etc.
Execution of this function, however, likely differs between the two apps.
It seems easy, IMO, to dismiss this issue out of hand as user laziness, but when
one is operating with literally dozens of different passwords, having them
consolidated in a vault-type location does save time and effort. I'm wondering
if having the master password set for "Every time it is needed" affects how SM
responds vis a vis the CIS test battery.
Feedback and comments, especially of SM developers, solicited and appreciated.
Erm...the test results for SM 1.1.14 certainly don't inspire confidence--86%
failure rate (passing only 3 out of 21 tests). Obviously there is a core
difference between FF 3 and SM 1.1.14, since the former passes tests the latter
fails and vice versa. The only test they pass together is that of valid URIs
not breaking anything, which appears to be a commonality between all browsers
tested except for Safari and Chrome.
I hope this is a priority fix in the development of SM 2, as well as something
that Really Should Be Patched ASAP for 1.1.14. Rigorous password protection is
definitely a must for SM, especially since users will continue to want, given
human behavior, to make use of the Password Manager function--myself included.
Thanks for the very nice colored chart of CIS test info, Barry, c'est
/\ /\ | "I love cats because I enjoy my home;
^o o^ D.K. "Cat" Kraft | and little by little, they become
->T<- kraftyc...@verizon.net | its visible soul."
~ Lynnwood, WA |
___oOO___OOo___ | -- Jean Cocteau
support-seamonkey mailing list