Password-Protecting Firefox

Firefox supports caching of passwords, just as most other browsers do. By doing this, you usually only have to enter your username and password one time because Firefox saves this information to the password cache. The next time the site asks for identification, Firefox supplies the cached username and password information.

My password list, which I maintain in an encrypted file on my desktop, contains more than 100 usernames and passwords and almost 500 lines of identification information! It is huge.

Generally, Internet Explorer manages my passwords for those machines on which I use Internet Explorer. The same is true for my Firefox systems: I let Firefox manage my username and password information.

Still, though, I must keep a record of these vital passwords and other bits and pieces of information. You should never rely on your browser's password cache. However, Firefox does give you the ability to back up your cache of passwords. They are in the signons.txt and key3.db files. Save both to a safe location.

signons.txt is a text file, viewable in Notepad, although the sign-on names and passwords are encrypted to keep them safe.

When used with the master password option, signons.txt has encrypted usernames and passwords, and this information should not be indiscriminately distributed!

Windows XP users should consider applying security policies to all files in their profiles. If someone guesses your master password, all your passwords will be available to him!

To set security, right-click the profile folder, display its properties, and click the Security tab. Make sure that only you (and the administrator and system groups) has access to these files. In the Advanced settings, make sure that Replace Permissions Entries is checked so that all subfolders and files have these security settings applied.

With Firefox, you can set a master password. This password means you have to remember only one password, rather than hundreds (see Figure 5.9). (Hundreds? Well, it is recommended that you use unique passwords for each site that requires a password....) With the master password, Firefox prompts you for this master password as necessary and then uses this master password to encrypt your password cache files.

After you click View Saved Passwords, Firefox displays the Password Manager (see Figure 5.10). To see the saved passwords, you need to respond with the correct master password, if you set one.

Figure 5.10. The password manager shows the URL, username, and (optionally) the password used.

Each time you enter a site that requires a password, Firefox first checks the Password Manager. If a username and password are stored for the URL, Firefox uses them. If no username or password is stored for the URL, Firefox prompts you for both. If you have selected Remember Passwords (refer to Figure 5.9), an active check box appears, instructing Firefox to save this username and password.

Sometimes you might wonder where all this magical information is stored. Firefox stores security- and privacy-related information specific to a user's profile in the following locations:

• bookmarks.html Your bookmarks (favorite sites) are stored in this file. The file is a basic HTML file.

• formhistory.dat Information regarding any web forms you filled out is stored in this file.

• history.dat A record of each URL you visit is saved in this file.

• cert8.db This file is the client certificate database.

• signons.txt This is a text file containing username and password information. The actual usernames and passwords are encrypted in this file.

• key3.db This is an additional file that is used with signons.txt to manage usernames and passwords.

• secmod.db The file used by the security module. Information in this file includes certificates.

• cookies.txt Your cookies are stored in this file. Even though it's a text file, you can use the Cookie Manager to delete entries.