»Q« wrote:
In <news:[email protected]>,
Rufus <[email protected]> wrote:
»Q« wrote:
In <news:[email protected]>,
Rufus <[email protected]> wrote:
Once a hacker has your bookmarks file and the file containing your
passwords, you're open to any sort of ID theft permissible by that
combination. Your browser information is one of the best targets
for a hacker to exploit...so being able to just wipe the Master
encryption key and be able to still access that information is
about the next best thing to no protection at all...
I certainly hope that isn't the case, and is why SM wipes all
passwords out on a Master reset.
It *is* the case, which is the point. Users have the option of
using no master password protection at all, anyway.
Setting the master password to the empty string is a workaround for
a specific problem the OP has. The OP doesn't want to use a master
password in the first place, so using the empty string as the
password won't decrease the OP's security.
Maybe, but I'm very surprised a user would be able do that without
still wiping out his password list - simply changing the Master to a
null string once it has been set is still a change; I question if
that will actually work...and quite hope it doesn't work,
really...for all of the reasons above.
I don't see any reasons above for forcing loss of all stored passwords
if the user makes the choice of going back to the default, which is no
master password. Unless you think that every user should be forced to
use a master password, I can't figure out what you're arguing.
It worked for me when I just tried it. I don't usually use a master
password, but I set one then changed it to the empty string without
any data loss. When I changed it to the empty string, I got a warning
that my passwords would no longer be protected by a master password.
...bummer.
--
- Rufus
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
