Hacker News new | past | comments | ask | show | jobs | submit login

Just some, which is no worse than saving them in a browser.



Chrome and Edge uses the OS' own storage mechanisms for passwords (Safari too?), and that's considerably more safe than a plain text file.

Firefox uses a weaker scheme, but the passwords are still encrypted and it's definitely less accessible for an intruder compared to a plain text file.


You can just open the browser and look at the saved passwords in the settings. A little bit harder I guess.


If you set a master password for saved logins in Firefox then passwords won't be available with a simple click, and they will be encrypted on disk.

In browsers that use the OS' password storage then they will normally be stored in encrypted form, although the browser integration is seamless so you won't notice the difference.

In both cases, there is a significant security advantage in cases where the data on disk is leaked (say, if someone steals your computer and you don't have full-disk encryption.


At least in Chrome if you want to view the passwords; it asks you for Windows account password.


Chrome now requires your machine login to do this (on Windows at least where I tested it.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: