Did you know that Mozilla Firefox and Google Chrome like to display your passwords in plain text? No? Well, they sure do.

If you want to see what I’m talking about, follow the steps below.

Open Firefox.

Click on the Firefox Menu at the top left corner.

FirefoxMenu

Select Options, then click on Options.

FirefoxOptions

Click on the Security tab at the top.

FirefoxSecurityButton

Click the Saved Passwords… button. This will open up the Saved Passwords box. Now click on Show Passwords Button.

Example Below:

FirefoxShowPassword

Surprise!

Did your jaw just hit the floor? I know mine did the first time I saw what Firefox was hiding from me all this time.

Is Google any better?

Now let’s open up Google Chrome and click Settings.

ChromeSettings

Once you get into your settings, scroll all the way to the bottom and click on Show advance settings…

ChromeShowAdvanceSettings

Look for the section Passwords and forms and click the Manage saved passwords link.

Select the site where you saved your password and click Show button.

ChromeShowPassword

Okay, I’m done with the surprises.

So how did Firefox and Google Chrome get my passwords in the first place?

To get the answer you must also answer this question: Have you ever seen the following notification in your web browser?

Mozilla Firefox:

FirefoxPasswordNotification

Google Chrome:

ChromePasswordNotification

Whenever you clicked on the shiny button “Remember Password” in Firefox or “Save Password” in Chrome, the site username and password are saved within the web browser – and as you also saw – displayed in plain simple text.

So what’s the big deal?

Anyone can walk up to your computer and take a quick look at your web browsers history/settings. Just imagine you’re at the office and you step away from your computer and a nosy/curious coworker gets the chance to take a look. That is why it’s important to always lock down your computer before you step away from your desk.

Additionally, say you’re unlucky enough to have some malicious software installed on your computer which happens to allow the hacker gain remote control of your desktop. The hacker will only have to wait until you are away from your computer to check your saved passwords.

What if you sent your computer out to a repair shop and they “just happened to” take a look at your saved passwords? It only takes a few seconds for them to snoop around on your computer and  do who-knows-what with your credentials.  There are a lot of different ways these passwords can be intercepted.  This just happens to be one method of interception that can be avoided.

So what’s the work-around and how do I keep my passwords safe? Fortunately there are plenty of third party plug-ins people use with their web browsers. Perhaps you can recommend what plug-in works best for you in the comment section below.

I found a plugin called LastPass. With 254,540 users and 827 reviews just for the Firefox plugin alone seems to be a great alternative. Best thing about this plugin is that it also works with the Google Chrome web browser.

 

3 Responses to Surprise! Firefox and Chrome display passwords in plain text

  1. Well if I leave my garage door open then anyone can have access to my golf clubs too. I simple close the door. Do the same for Firefox with a master password.

    When I try to view my passwords in Firefox I get “Please enter the master password for the Software Security Device.” That is because I enabled the master password. Its right there on the Security tab – which you didnt include a screen shot of. if you did then everyone would see “Use a master password” with a checkbox and immediately above the “Saved Passwords” button (again on the Security tab) there is a button named “Change Master Password”.

    That is all anyone needs to do. No third-party plugins. The entire word “third party plugin” scares me. When you install these plugins you have to click through a warning that states that the developer COULD have access to your browsing history and other sensitive items. No thanks.

    The master password in Firefox is built into the executable. Mozilla has too much to lose by sniffing passwords so I trust them. As far as Chrome goes? I dont save passwords on Chrome. But Chrome does also have a user / password feature that can lock out people who shouldnt be sniffing around. :-)

    • Moises says:

      Ahh Very cool information! Thanks for the heads up! I honestly did not know that you can lock down your passwords within Firefox using the Master Password option.

      Ok then folks… Set up a Master Password within Firefox and you should be good to go. I just set it up and it does protect your password list.

      Good Comment my friend. :)

  2. [...] saved passwords,” a person using your computer could see all of your passwords in plain text. Internet Explorer also lacks master password capability, but it doesn’t provide snoopers an [...]

Have a comment? Make it here!