In <news:[email protected]>,
Rufus <[email protected]> wrote:
> Hartmut Figge wrote:
> > Rufus:
> >> »Q« wrote:
> >
> >>> Setting the master password to the empty string is a workaround
> >>> for a specific problem the OP has. The OP doesn't want to use a
> >>> master password in the first place, so using the empty string as
> >>> the password won't decrease the OP's security.
> >> Maybe, but I'm very surprised a user would be able do that without
> >> still wiping out his password list - simply changing the Master to
> >> a null string once it has been set is still a change; I question
> >> if that will actually work...and quite hope it doesn't work,
> >> really...for all of the reasons above.
> >
> > But you need the old master password to accomplish that. ;)
> >
>
> Which can also be easily hacked, if someone is smart enough to
> accomplish the foregoing.
Not any more easily hacked than other encrypted stuff. A dictionary
attack or some other brute force method would work if the master
password is weak enough, and I guess most people use pretty weak ones.
But if a malicious hacker has physical access to your computer, you're
in a world of trouble anyway, no matter what choices have been made. A
master password is more useful against "casual" tampering, in which
some nosey cow orker (for example) sits down at your workstation to see
what he can do just by clicking around.
> I've been warned against using the password managers in browsers by
> our IT security folks at work (and I never do, at work)...I think I'm
> going to start paying closer attention to them.
That's a valid choice, for sure. The next thing would be to find a way
to avoid ever typing any passwords, since keyloggers will pick them up
that way. An on-screen keyboard to click on is one way to do that, but
it's too annoying for most people to put up with.
--
»Q« /"\
ASCII Ribbon Campaign \ /
against html e-mail X
<http://www.asciiribbon.org/> / \
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
