»Q« wrote:
In <news:[email protected]>,
Rufus <[email protected]> wrote:
David E. Ross wrote:
On 4/25/10 4:08 PM, Rufus wrote:
»Q« wrote:
In <news:[email protected]>,
Rufus <[email protected]> wrote:
Once a hacker has your bookmarks file and the file containing
your passwords, you're open to any sort of ID theft permissible
by that combination. Your browser information is one of the
best targets for a hacker to exploit...so being able to just
wipe the Master encryption key and be able to still access that
information is about the next best thing to no protection at
all...
I certainly hope that isn't the case, and is why SM wipes all
passwords out on a Master reset.
It *is* the case, which is the point. Users have the option of
using no master password protection at all, anyway.
Setting the master password to the empty string is a workaround
for a specific problem the OP has. The OP doesn't want to use a
master password in the first place, so using the empty string as
the password won't decrease the OP's security.
Maybe, but I'm very surprised a user would be able do that without
still wiping out his password list - simply changing the Master to
a null string once it has been set is still a change; I question
if that will actually work...and quite hope it doesn't work,
really...for all of the reasons above.
Another example of trying to over-protect experienced users.
Actually, I'd think there would have to be an extra branch in the
code to be able to do this...which would be an implementation to
blatantly NOT protect users - experienced or otherwise.
Erasing all the users' passwords when they want to stop using a master
password wouldn't protect them from anything in any way -- it would
just force them to re-type all their passwords into SeaMonkey again.
It would reset the encryption engine - and yes, thus they would have to
retype them again. I've got no problem with that.
I always retype them - when setting up a new machine/account/Master. I
just use one machine that hasn't yet been reset as my reference.
--
- Rufus
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
