In <news:[email protected]>, Rufus <[email protected]> wrote:
> »Q« wrote: > > In <news:[email protected]>, > > Rufus <[email protected]> wrote: > > > >> Once a hacker has your bookmarks file and the file containing your > >> passwords, you're open to any sort of ID theft permissible by that > >> combination. Your browser information is one of the best targets > >> for a hacker to exploit...so being able to just wipe the Master > >> encryption key and be able to still access that information is > >> about the next best thing to no protection at all... > >> > >> I certainly hope that isn't the case, and is why SM wipes all > >> passwords out on a Master reset. > > > > It *is* the case, which is the point. Users have the option of > > using no master password protection at all, anyway. > > > > Setting the master password to the empty string is a workaround for > > a specific problem the OP has. The OP doesn't want to use a master > > password in the first place, so using the empty string as the > > password won't decrease the OP's security. > > Maybe, but I'm very surprised a user would be able do that without > still wiping out his password list - simply changing the Master to a > null string once it has been set is still a change; I question if > that will actually work...and quite hope it doesn't work, > really...for all of the reasons above. I don't see any reasons above for forcing loss of all stored passwords if the user makes the choice of going back to the default, which is no master password. Unless you think that every user should be forced to use a master password, I can't figure out what you're arguing. It worked for me when I just tried it. I don't usually use a master password, but I set one then changed it to the empty string without any data loss. When I changed it to the empty string, I got a warning that my passwords would no longer be protected by a master password. -- »Q« /"\ ASCII Ribbon Campaign \ / against html e-mail X <http://www.asciiribbon.org/> / \ _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
