A brief Sony password analysis
So the Sony saga continues. As if the whole thing about 77 million breached PlayStation Network accounts wasn’t bad enough, numerous other security breaches in other Sony services have followed in the ensuing weeks, most recently with SonyPictures.com…
Your passwords are STILL showing in Firefox
This has been an issue for over 2 years, and it’s still an issue in Mozilla Firefox (even in Firefox 4 which was released to the general public yesterday). It’s a great browser, and I highly recommend it; Firefox has been a huge factor in the progress of web development.
One place that you still need to be careful using Firefox is “password management”. For those of you that don’t immediately know what password management is in Firefox, it’s the little “Remember Password” dialog that pops up when you log into most authenticated websites. It turns out that Firefox doesn’t mind showing you the password of which you’ve saved, in plain text (I’m being serious). This is default behavior, so if you haven’t spotted this, then chances are it applies to you right now. This means that someone could quite easily go onto your mac and read all your passwords by doing the following:
First of all open up “Preferences” in Firefox and head to the “Security” tab. Then click the Saved Passwords button as shown below:
This will bring up a Passwords window. Due to obvious reasons I’m not going to show you mine, but you need to look for this button at the bottom right of the window:
Press this button and voila! All your passwords are shown, in plain text, on-screen (N.B. I’ve removed my username + password from the screenshot below for security purposes). 
Right so that’s the issue, you might be wondering how to fix this. The way to change this is to set a master password for Firefox. Close that passwords window, and go back to the Security preferences pan. There you’ll see an option for “Use a master password”.
This means that Firefox protects all your saved passwords with a master password which is never shown. However, get used to seeing this prompt…
Because it comes up ALL the time when you’re using password-authenticated sites.
This has been part of Firefox since forever. Hopefully one day they’ll fix this issue, however for now, it’s still just a massive security hole.
How quickly can your password be cracked?
Web users beware—even if you create a complex password containing numbers, upper and lower case letters mixed with common symbols (like a percentage sign), the time it would take to crack it is virtually instantaneous. See the eye-opening chart below for some shocking crackability stats.
To ensure yours is as strong as possible, try this:
Use a password manager, allow it to create a different random super strong password for every site and then create a super strong master password. Use an offline password manager that does not store your passwords on its servers whether encrypted or not.
