Passwords are the Achilles heel of your online privacy and security. Presently, passwords are the essentially the only way to access online accounts and with the diversity of login information to keep track of, the average user has to manage an arsenal of safe passwords. However, coping with dozens of complicated character strings isn’t a task that needs to be done manually. There are many tools that can assist you in managing our passwords and the most convenient ones are embedded right where you need them: in your browser.
We have recently published an article to walk you through the procedure of how to Use A Password Management Strategy To Simplify Your Life Use A Password Management Strategy To Simplify Your Life Use A Password Management Strategy To Simplify Your Life Much of the advice around passwords has been near-impossible to follow: use a strong password containing numbers, letters and special characters; change it regularly; come up with a completely unique password for each account etc.... Read More . In this article I focus on addons that take the suggested tools and add them directly to your favorite browser, i.e. Firefox.
Enhance The Default Password Manager with Saved Password Editor
Firefox has an internal password manager, which is a good alternative if you want to stay on the lean side with addons. You can enable it under > Firefox > Options > Security. Set the check next to > Remember passwords for sites. You can also set a master password (highly recommended) and view saved passwords. Obviously, the features are quite limited. Most annoyingly, you cannot manually add passwords or edit existing entries.
Saved Password Editor adds the following functions to Firefox’ default password manager:
- open Saved Passwords dialog via toolbar button
- manually add and edit new entries
If the toolbar button isn’t added automatically, right-click on your toolbar and select > Customize… Locate the button, drag and drop it to the desired location, and click > Done to save your changes.
Store Passwords Locally in the KeePass Password Safe using KeeFox
If you are already using KeePass or if you prefer to store your passwords locally, get KeeFox to connect Firefox to your KeePass Password Safe.
KeeFox has the following main characteristics:
- adds KeeFox toolbar
- installs open source KeePass Password Safe (unless installed already)
- reads and writes passwords to local KeePass Password Safe
- passwords available to all applications on your computer
- sort login data by categories
A detailed KeeFox tutorial can be found here: KeeFox Tutorial
We have reviewed KeePass and KeePassX here:
- Using KeePass to Secure Your Online Accounts Using Keepass to Secure Your Online Accounts Using Keepass to Secure Your Online Accounts Read More
- KeePassX – Secure Password Management For Linux & OS X KeePassX - Secure Password Management For Linux & OS X KeePassX - Secure Password Management For Linux & OS X Read More
Store Passwords Online with LastPass Password Manager
The tool I am personally using to manage my passwords is LastPass. This online password manager comes with many great features and conveniently offers addons for various browser, including Firefox.
LastPass key features include:
- store passwords online, allowing you to access and manage them from multiple locations
- single click login
- store multiple usernames and passwords for same website
- organize stored passwords in groups
- manage forms
We have previously introduced Last Pass here: Securely Synchronize Your Browser Passwords With LastPass
Alternatives to KeeFox / KeePass and LastPass that offer Firefox addons have been reviewed in detail here:
- Dashlane – A Slick New Password Manager, Form Filler & Online Shopping Assistant Dashlane - A Slick New Password Manager, Form Filler & Online Shopping Assistant Dashlane - A Slick New Password Manager, Form Filler & Online Shopping Assistant If you've tried a few password managers before, you've probably learned to expect some roughness around the edges. They're solid, useful applications, but their interfaces can be overly complex and inconvenient. Dashlane doesn’t just reduce... Read More
Create Safe Passwords with LastPass or pwgen
Now that you have hopefully figured out how to best store your passwords, it’s time to talk about safe passwords. After all, who needs a password manager, if all their passwords are the same. If you are truly serious about security, you should have a different password for every single account. You can use a system to create these passwords yourself. If you are willing to rely on a password manager, however, you can use a random password generator.
If you decided to go with LastPass as your password manager, click [ALT] + [G] or access the password generator through the LastPass toolbar button and then go to > Tools > Generator Secure Password. Using advanced options you can define password length and other characteristics that affect the strength of the generated password.
If you are looking for a standalone tool, try pwgen. This password generator addon has the following features:
- toolbar button showing a red on black P
- clicking the button creates and instant password and copies it to clipboard
- ability to customize default options, including password length or special characters used
Prefer to create passwords manually? Get ideas from these articles:
- How To Create Strong Passwords That You Can Remember Easily How To Create Strong Passwords That You Can Remember Easily How To Create Strong Passwords That You Can Remember Easily Read More
- How To Create A Good Password That You Will Not Forget How to Create a Strong Password That You Will Not Forget How to Create a Strong Password That You Will Not Forget Do you know how to create and remember a good password? Here are some tips and tricks to maintain strong, separate passwords for all of your online accounts. Read More
How do you manage your passwords and what other Firefox addons would you add to the list?
Image credits: Password Button via Shutterstock
Uploading passwords to an online database is just the most stupid decision for anyone.
Ok i just did a search for "lastpass hacked" and there are plenty of results that scare me off from using Lastpass. Its only a matter of time before Lastpass is hacked again so its not a service for me.
John,
Show me one service that has not been hacked or is unhackable. I'll call it Titanic. :)
So you think its ok to store passwords on Lastpass because it and other services can be hacked. Well i prefer to be secure so Lastpass should not be promoted for password storage as its clearly not secure. Lastpass is a prime target for hackers so is not secure.
Just how secure is LastPass i just dont trust storing my password online its only a matter of time before the LastPass site is hacked and that is a big worry.
This was a good article on storing secure passwords on your Linux computer.
useful and informative.
i recommend using last pass :)
I have the WOT Add-on. I was going to install Puzzle 0.5.3. I clicked on "More" and on that page I clicked on the Homepage link: http://canvas.freehost.pl/ and WOT shows it to be a very low rated site! So, I didn't bother installing it. From now on I will ALWAYS click "More" and go to the developer's site before installing any Add-on.
Norton Identity safe is the best choice for password management.
I'm a Firefox user and have been using (and become totally dependent on) the PasswordMaker (www.passwordmaker.org) extension for many years. There are different versions, but the firefox extension is the most full featured.
The thing I like best about it is it doesn't store passwords *anywhere* - it generates them on the fly every time using the selected algorithm (choice of many), and basing the password on different factors that results in a unique, strong (as strong as you want it to be) password for each site.
You can create custom accounts for different sites with different settings for each, and it can auto-populate the username and password on most web forms - but you can also use a custom account to create/generate a password for anything (doesn't have to be a web form).
It isn't perfect, and there are missing features (the ability to sort/filter/search accounts, use multiple settings files, sync settings, etc), but its benefits outweigh its drawbacks. I have considered switching to something like KeePass or LastPass in the past, and still may some day, but for now, PasswordMaker does everything I need.
Thank you for sharing, Charles!
And re my post on not using browser's default password managers, coincidentally I just run across an article reporting how the password cracking utility John The Ripper has just been updated with the ability to crack password-protected office documents (Office 2007/2010 and OpenDocument) and Firefox, Thunderbird and SeaMonkey master passwords, as well as WPA-PSK keys and Mac OS X keychains.
Word to the wise.
It's important not to use the default browser password manager. According to one study of a botnet's respository, sixty percent of the passwords found came from a browser's password cache. While most of them might have just been poor passwords, it's likely the browser password cache doesn't protect passwords as well as the sorts of add-ons mentioned in the article.
It's also important to check the sites for these add-ons periodically to make sure you keep them updated should any security vulnerabilities be found in them in the interim.
Thanks for the heads-up, Richard!
Currently I use KeePass, which mean I need mono on my linux machines.
However, I used JPasswords (http://sourceforge.net/projects/jpws/) for a long while. It's unassuming at first, but you will find it packed full of great features. The one drawback is that it doesn't have an auto-type feature which was became a deal breaker for me.
On the up side, JPasswords does take user input and they did implement my "open url and auto copy password to clipboard" request so the user only needs to Ctrl + V to paste the password.
If JPasswords gets to a full auto-type feature, I will likely make the move back as it's Java based making it more platform compatible.
I use KeepassX on my linux computer you dont need mono for that. give KeepassX a try ;-)
Tina,
This is a good article. After reading a lot of reviews, I finally started using a password manager, and selected Lastpass.
I am waiting for more sites to start two factor authentication, like Yahoo!, Google, and Facebook. Google does it right. If you don't want a text message, it makes a voicecall to your phone, and recites your verification code.
David,
I agree, social logins are awesome because it means you don't have to create yet another account. On the other hand, if one of them gets hacked, you potentially lose access to a whole range of other sites.
1Password has some nice features. I picked it up in a bundle offer, but I mostly use LastPass. Too many login/passwords to remember these days, and you don't want to use the same password for everything.
Thanks for the info.
Check out the old reliable Password Safe for offline password management : http://passwordsafe.sourceforge.net/ But definitely Lastpass for online!
Thanks for the recommendation!
This article was specifically about Firefox addons, but of course there are many other great tools and many of the above are available as a standalone or for other browsers.