This is an user contributed article.
Choosing the password is only the first step; you have got to remember it. You can not remember 100s of password at a time. However, with the help of a password manager, you can organize passwords, host names, and PIN codes.
Like most of you, I love using Firefox and explaining the advantages of Firefox to others who use other browsers. Unlike other browsers, Firefox has huge list of excellent add-ons that will satisfy almost all of your requirements in using a browser. Following are the list of 7 powerful Firefox password related add-ons that will make your life in managing passwords very safe, secure and easy under Mac OS X, Linux / UNIX and Windows operating system.
Password Manager
Password manager is a software that securely stores the passwords and respective accounts on the user's computer for handy reference. The software typically has a local database or files that holds the encrypted password data. Many password managers also work as a form filler, thus they fill the user and password data automatically into forms. These are usually implemented as a browser extension.
1. Master Password Timeout
Firefox's internal password manager, asks for the master password only one time for the whole session and it never times out. Using Master Password Timeout add-on, you can specify the inactivity time-out in seconds as shown below. In my opinion, this should be a Firefox built-in feature.
Fig.01: Master Password Timeout
2. SecurePassword Generator
SecurePassword Generator is an excellent password generator add-on with the following features.
- Copy the random password to clipboard
- Generate unique passwords that can be typed using both hands, left hand only or right hand only. For example, when you choose 'Left Hand Only', it will generate password only using the keys on the left side of the keyboard.
- Specify the total number of characters.
- Ability to choose alphabets (lower case, upper case or mixed case), numbers and special characters for the password.
- You can also specify a list of characters to be excluded.
- When you using alphabets, numbers and special characters, you can specify the weight as shown in the screen shot below.
Fig.02: Secure Password Generator – Create Tab
Fig.03: Secure Password Generator – Characters Tab
3. Password Hasher
Creating and remembering unique passwords for every site where you have an account is a very hard. You can use either Firefox built-in password manager or some external password manager, that will remember the password for you and store it in an encrypted file or database. Lot of people who don't feel comfortable using a password manager, eventually end-up using the same password for all the websites.
Password Hasher add-on uses, Password hashing technique where using a master password and a unique parameter (such as website domain name), it will always give you a same strong password, which will be different for every website. So, all you need to remember is a master password. But, you still can give different strong passwords to all your online accounts without the hassle of remembering or storing all of them.
As shown below, for yahoo email website, using the master password as 'singlepassword', it created a strong password that is shown in 'Hash Word' field. You don't need to remember this strong password, which can be recreated anytime using the site tag and master password.
If a website has special password restriction, such as password length or at least one upper case etc., you can specify those password requirements also as shown below.
To launch password hasher, go to a website that displays username and password field, and do one of the following:
- Click on Firefox Tool menu → select Password Hasher.
- Press Control + F6 when either username or password field on the website is highlighted.
- This add-on will display a '#' symbol right below the password field on all the websites. Clicking on the '#' will launch the Password Hasher.
Fig.04: Password Hasher
4. Password Maker
Similar to Password Hasher, Password Maker also uses Password hashing technique to generate unique strong password for every website using just one master password. Password Maker has lot of advanced options. Apart from username and password, you can also specify additional fields that needs to be filled automatically on a web page.
From the advance options → Accounts Tab → Select 'Settings' from the drop-down list, which will display Password Maker account-specific setting dialog → , click on Extended Tab → From here you can choose type of Hash Algorithm used by Password Maker. By default it uses MD5.
Fig.05: Password Maker Basic Options
5. Secure Login
Login to a website just with a single click or a keystroke. If you are using the Firefox built-in password manager, Secure Login is a must have add-on. You can login to a website either by clicking on the key icon on the tool bar (similar to Opera's wand login) or simply by pressing Alt + N.
See Secure Login screenshots from mozdev.org.
6. Unhide Passwords
If you are constantly making typos while entering the password, Unhide Passwords add-on may be helpful, where it will unhide the passwords in the password field. Instead of displaying ****'s in the password field, it will display the real password as you type, as shown below.
Personally, I don't use this add-on, as I don't want anybody looking over my shoulder to see the password and I don't make lot of typos. But, I can see this add-on being very helpful for those who make lot of typos.
Fig.06: Unhide Password
7. Password Exporter
Using Password Exporter, the website login information stored in the Firefox in-built password manager, can be exported either to a XML file or CSV file. This may be required when you want to either move the login information from Firefox to another password manager or move the login information to a Firefox running on another computer.
Following fields will be exported:
- Hostname
- Username
- Password
- formSubmitURL
- httpRealm
- usernameField
- passwordField
To launch the password exporter, click on Tools menu → Options → Security Tab → Import/Export Passwords.
Fig.07: Password Exporter
As a final note, avoid the temptation of using the same password for all websites, or using a weak password, or writing down the password on a piece of paper etc., Use the best practices in assigning passwords to all your online accounts, which will save lot of head-aches for you later. The Ultimate Guide for Creating Strong Passwords talks about guidelines for creating strong password, avoiding weak password and common sense about passwords, which lot of us tends to ignore.
Also, please refer to Hire 7 Personal Bodyguards to Browse Internet Securely that talks about 7 powerful security related Firefox add-ons.
See also:
- Desktop Password Mangers - Linux password manager that also works under Windows / OS X
This article was written by Ramesh Natarajan. At the The Geek Stuff blog he shares his knowledge and experience on Linux and other Geeky stuff. He has more than 15 years of experience in IT industry and has performed very intensive work on Linux system administration, DBA, Hardware and Storage. nixCraft welcomes readers' tips / howtos.
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- My 10 UNIX Command Line Mistakes
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
Facebook it - Tweet it - Print it -
We're here to help you make the most of sysadmin work. So, subscribe!
{ 7 comments… read them below or add one }
Good article,
I also use foxmarks to keep my boxes’ passwords (safely, i hope) synchronized, as well as my bookmarks. I’ll give some of these recommendations a try, tough.
Great article… foxmarks rocks..
Mmmm yummy:
GRC Ultra High Security Password Generator
If you are looking for a good way to generate a unique, random password (alphanumeric, hex, or all printable characters), GRC is by far the easiest way to go, just open, cut, and paste. Plus, you also eliminate the possibility of a keylogger ever capturing your password (as long as you continue to only cut and paste it).
http://www.gnucitizen.org/blog/firefox-malware/
Maybe one should consider putting so much trust in mozilla.org’s servers, and more than that trust all these firefox addons. This article just skims the surface on how easy it is to obfuscate malicious code in jar files, and firefox addons in general. So now lets involve something as important as passwords with this so very secure trusted third party, and also mozilla.org’s server storing all these addons. I mean nobody would attack something as unpopular as mozilla.org, right? Not.
concerned:
it is time to start to concerrn about your knowledge on firefox password scheme. Firefox does not store user passwords on its servers rather it stores on users’ computers.
Right? Yes;-)
Thanx for the list…
Another cool password addon better than unhide passwords is Show Password. You might want to include it in your list.
https://addons.mozilla.org/en-US/firefox/addon/10174
LastPass is the one I use.
FF passwords are NOT safe anymore.
Reformat and re-install your OS? Add the lastpass plugin back into FF and login with your identity email address and “Master Password” and your passwords are there for all the sites you saved.
Got a WinTendo machine at work? Add the lastpass plugin in FF, login with your identity email address and “Master Password” and your passwords are there.
There are NOT sent in the clear and NOT stored on the Lastpass server.
Great plugin.