![]() ![]() The checkbox in the screenshot refers to the Firefix Password Manager without Master Password, although it doesn't check and it works in both cases. (My initial research reveals complaints and vulnerabilities in old (pre-Sync) versions of Firefox, including confusion about which login components are encrypted and which are not, suggestions that new Sync is "zero-knowledge" (but no clarification on what is stored in plaintext locally), claims that LastPass uses JavaScript for encryption and is therefore inherently insecure and, most confusingly, endorsement of LastPass from Mozilla.) I assume the threat model is something like daily browser use, including entering passwords for online banking etc, and storing and sharing login credentials between browser installations on different machines you own.) ( not comparing LastPass to unsynced Firefox without Master Password). and Firefox Sync (remote storage, encryption/security and device synchronization). ![]() with Master Password (local encryption/security).Firefox Password Manager (local storage).Important: For an apples-to-apples comparison, this would mean comparing LastPass to: Is Firefox less secure than LastPass for the same tasks under the same implied threat model? (This option appears as long as the Firefox Password Manager is enabled, whether or not a master password is being used.) After installing the LastPass password manager, I am presented with a login dialog including the option to "Disable Insecure Firefox Password Manager". ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |