>>52363191
the passwords are stored in an encrypted form, but the encryption key is also stored in the profile (otherwise, firefox wouldn't be able to read them again). so someone with access to your profile folder would have access to all saved passwords.

you can, however, set a master password (about:preferences#security). in that case, another layer of encryption will be added, using the master password. you'll have to enter the master password once per firefox session. when you exit firefox, the passwords will be safely stored in your profile.

>>52363191
>mac
It doesn't matter, the botnet already has your password.

>>52363224
I just notice for the first time that you can actually view the saved password in firefox's option.

>>52363383
Chrome does it as well.

>>52363191
no.

>>52363224
>password is too long
come on, how the hell can a "master" passwd be too long?

It's safe if you know what you're doing.
If you send your shit to mozilla without a password, it's very likely the UK intelligence service can break into your shit. If you store it locally and/or encrypted then you're okay.

Chrome version is only safe if you set your own sync password

It's better than having just one password

Use a password manager, people. Preferably one with 2FA.

>>52364609
>2FA
Not one of them "cloud" ones. Reliance on a third part is stupid

>>52364609
How do you build a password manager with 2FA that doesn't require you to trust some shitty cloud startup?

>>52364726
Technically, 2FA does not rely on the 'cloud', nor is it inferred.

just use keep ass already.

>>52364752
Password Safe + YubiKey

>>52364752
could be keyfiles, yubikey, or a otp extension for keepass2

>>52364752
Just use LastPass. They take all the right steps to ensure security.

>>52364813
lol no, lastpass is google tier botnet, never trust them

>>52364813
maybe before the logmein buy out, now i wouldn't trust the service

>>52364841
>lastpass is google tier botnet
[citation needed]

>>52364861
Why? Logmein programms are the de-facto tool scammers use to do technical support scamming, because they dont keep logs

>>52364813
http://www.martinvigo.com/even-the-lastpass-will-be-stolen-deal-with-it/
Everybody messes up, but in LastPass' defense, they did take this very serious and patched it very fast.

>>52364841
A botnet is a client/server model with malicious intent. Clients are infected, typically without consent of the owner or him being aware thereof, which are called zombies and in turn infect other machines while awaiting commands from and sending (private) information to the command and control server.

LastPass and Google fail to meet a fundamental criteria to be labelled a 'botnet', which is that you *chose* to agree to use their services (therefore with you consent). I.e., you should've fucking known better.

>>52364930
>http://www.martinvigo.com/even-the-lastpass-will-be-stolen-deal-with-it/
This article mostly covers the risks of using LastPass on shared PCs, though.

>>52364906
and that's a good thing to you?

alright, you feel free to use lastpass, I'd rather keep it local.

>>52363224
/thread