»Q« wrote:
In <news:[email protected]>,
Rufus <[email protected]> wrote:
Once a hacker has your bookmarks file and the file containing your
passwords, you're open to any sort of ID theft permissible by that
combination. Your browser information is one of the best targets for
a hacker to exploit...so being able to just wipe the Master
encryption key and be able to still access that information is about
the next best thing to no protection at all...
I certainly hope that isn't the case, and is why SM wipes all
passwords out on a Master reset.
It *is* the case, which is the point. Users have the option of using
no master password protection at all, anyway.
Setting the master password to the empty string is a workaround for a
specific problem the OP has. The OP doesn't want to use a master
password in the first place, so using the empty string as the password
won't decrease the OP's security.
Maybe, but I'm very surprised a user would be able do that without still
wiping out his password list - simply changing the Master to a null
string once it has been set is still a change; I question if that will
actually work...and quite hope it doesn't work, really...for all of the
reasons above.
--
- Rufus
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
