Many famous browsers like Google chrome, FF (Firefox), etc provide the option to “remember password “option for its users to save the password.
Do you know where passwords are stored in browsers!!
Firefox stores passwords in two different files – key3.db (This file stores your key database for your passwords) and signons.sqlite ( This file stores saved passwords. Both of these two files are located on the Firefox profile directory).
How can we secure it by using “master password”!!
Passwords used for login into the website are stored in ‘signons.txt’ text file which has Base 64 encoding which means there is no strong encryption. Anyone who is able access this text file can decode your password easily. Prominent tools like “PasswordViewer” can help in this purpose.
The best option to secure password stored in browsers text file can be done by using master password. Here all saved passwords are encrypted by using the master password and stored on signons.txt and signons.sqlite. Another tool such as “Password Hasher” is a Firefox add-on that computes unique passwords using at least one master password. This means that every website will have a different password stored in their database while the user will be using the master password(s) to access those websites
Thumb rules for setting strong master password!!
Before setting the master password, remember that security of saved password is directly related to strength of master password. Master key for the encryption algorithm is made from salt which is stored on key3.db and Master Password. Consider the following
- It should be easy to remember for YOU and hard to guess for OTHERS.
- Mozilla (and most other companies such as Microsoft) suggest using at least 8 character with upper case, lower case, number and a special symbol like #, $ % etc,
- You can have a sentence or phrase which you can remember easily:“Itishardertocrackaprejudicethananatom”( Almost impossible to crack)
Is there possibility to recover/hack “master password”?? Not impossible
General user perception was when we reset the master password, all saved passwords will vanish and it is not possible recover the master password. But it is possible, you need to just copy this key3.db file to different directory and specify the corresponding path to FireMaster. You can also copy this key3.db to any other high end machine for faster recovery operation.
FireMaster generates passwords on the fly through various methods. Then it computes the hash of the password using known algorithm. Next this password hash is used to decrypt the encrypted data for known plain text (i.e. “password-check”). Now if the decrypted string matches with the known plain text (i.e. “password-check”) then the generated password is the master password. After obtaining master passwords, the saved passwords in the signons.txt files can be decrypted
Conclusion
If you want save your password, then use master password to protect them. If you want to transfer your saved password on firefox, then copy singonsN.txt, signons.sqlite and key3.db to your Firefox profile directory. Strength of encryption is depend on the strength of the Master Password you choose
If you forget your master password, you can get it back via FireMaster which means that hackers too can crack them. To prevent it, strengthen your physical and network security
Comments are closed.