I just found something disturbing in Firefox. All your saved passwords can be displayed with a few simple mouse clicks. Check this out if you use Firefox:

  1. Go to Options
  2. then Security
  3. then click the "Saved Passwords" button
  4. then click the "Show Passwords" button
  5. then click Yes at the prompt "Are you sure you wish to show your password?"
  6. And now saved passords are displayed in plain text.

This means that anyone can go to your computer while its unattended and view your passwords. And on my test computer passwords are saved and visible in this manner even though I have never asked Firefox to save passwords! This stikes me as a rather significant security flaw.

Other programs like Google Chrome and Microsoft Credential Manager also show saved passwords in plain text but before they do so the ask for your user password. This is a much better way to handle passwords.

A computer's security can be comprimised relatively easilly once a hacker has physical access to it but there's is no point in making so easy to access.