Results 1 to 14 of 14
  1. #1
    New Lounger
    Join Date
    Feb 2010
    Location
    Oklahoma City
    Posts
    18
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Does anyone know how to stop FF from remembering usernames? You know the little drop down box that
    "helps you along" when you re-enter your username in the username feild? (Is that part of windows?)

    I know Firefox includes a Password Manager that can save the passwords you use to log in to
    websites. This is easily disabled. See, I'm concerned about keyloggers.

    I typed in about:config in the address bar and set signon.autofillforms to false and it still
    does this. Anyone have any better ideas? Am I worrying about keyloggers over nothing? I have a pretty
    secure network with patches and antivirus.

  2. #2
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Milwaukee, WI
    Posts
    737
    Thanks
    23
    Thanked 64 Times in 52 Posts
    You shouldn't have to hack anything to disable autofill. What happens when you go to Tools/Options/Privacy and uncheck "Remember Search and Form History"? If that doesn't work are you running Google toolbar or another plug-in that is interfering? The way to check it is to disable them one at a time until you find the culprit.

    A keylogger will do screen scraping, that is capture the ID and password while you type. That's not to say its a good idea to cache passwords. Its not. I never store passwords in FF. But I'm not too concerned about user IDs being cached.
    Chuck

  3. #3
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    On FF, Tools, Options, Security. Uncheck Remember Passwords for sites
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  4. #4
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Slough, Berkshire UK
    Posts
    928
    Thanks
    61
    Thanked 52 Times in 50 Posts
    Quote Originally Posted by scott v View Post
    Does anyone know how to stop FF from remembering usernames? You know the little drop down box that
    "helps you along" when you re-enter your username in the username feild? (Is that part of windows?)

    I know Firefox includes a Password Manager that can save the passwords you use to log in to
    websites. This is easily disabled. See, I'm concerned about keyloggers.

    I typed in about:config in the address bar and set signon.autofillforms to false and it still
    does this. Anyone have any better ideas? Am I worrying about keyloggers over nothing? I have a pretty
    secure network with patches and antivirus.
    If your worried about key loggers try using Keyscrambler. It does indeed stop any key logging software from reading what you type in password boxes especially useful if you do online banking. Can get it from Cnet.co.uk or just google it
    Clive

    All typing errors are my own work and subject to patents pending. Except errors by the spell checker. And that has its own patients.

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Argyll, Scotland, UK
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I would also recommend KeyScrambler for filling in security sensitive fields and forms. For managing passwords I use LastPass - a free cross-platform utility which works with most browsers - which remotely and securely stores your passwords in encrypted form. It will automatically store any log-in form field and when you first run it offer to disable Firefox's built-in password manager and delete any previously saved entries (which it will import first). It uses a log-in master password which you need to input every time you start your browser.

  6. #6
    3 Star Lounger
    Join Date
    Mar 2010
    Location
    USA
    Posts
    301
    Thanks
    65
    Thanked 39 Times in 30 Posts
    I use this method, at home and for travel:
    1. Open Notepad or equivalent. Save the text file after editing. Password protect it is even better.
    2. Type a title, such as L0nd0nBancChkAcct (note "zero" replaces "Oh").
    3. Line break.
    4. Type an entire line with gibberish (numbers, special characters); embed the password in it.
    5. To easily locate the password, put, say, "!&", before/after the password.
    6. Page break. Repeat procedure for another password.
    7. Save the text file.
    9. Put the text file in an USB flash drive, for travel and safe keep. Tie to house key is good practice.
    How to use:
    1. Open the text file first before open browser.
    2. Go to bank web site.
    3. Copy and paste the password to the web page.
    4. Best is copy and paste the **entire** line, then highlight and delete until the password is left.
    5. In 4., it even foils clip board monitoring.
    Why it helps?
    Since you do not type, key logging is foiled.
    Why embed password in an entire line of giberrish?
    If the robot got a hold of the text ...
    difficult to decode such a long 'password', all 72 characters!
    Not easy for a human either, IF you omit title text (the "LondonBank" text).

  7. #7
    New Lounger
    Join Date
    Dec 2009
    Location
    Lake Ariel, PA
    Posts
    20
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by S Caisson View Post
    I use this method, at home and for travel:
    1. Open Notepad or equivalent. Save the text file after editing. Password protect it is even better.
    2. Type a title, such as L0nd0nBancChkAcct (note "zero" replaces "Oh").
    3. Line break.
    4. Type an entire line with gibberish (numbers, special characters); embed the password in it.
    5. To easily locate the password, put, say, "!&", before/after the password.
    6. Page break. Repeat procedure for another password.
    7. Save the text file.
    9. Put the text file in an USB flash drive, for travel and safe keep. Tie to house key is good practice.
    How to use:
    1. Open the text file first before open browser.
    2. Go to bank web site.
    3. Copy and paste the password to the web page.
    4. Best is copy and paste the **entire** line, then highlight and delete until the password is left.
    5. In 4., it even foils clip board monitoring.
    Why it helps?
    Since you do not type, key logging is foiled.
    Why embed password in an entire line of giberrish?
    If the robot got a hold of the text ...
    difficult to decode such a long 'password', all 72 characters!
    Not easy for a human either, IF you omit title text (the "LondonBank" text).
    Or, use KeePass portable on your flash drive if you have a lot of passwords to remember. http://keepass.info/

  8. #8
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I use Last Pass as my password manager. It has gotten top reviews on Windows Secrets and many other sites, it's free and very easy to use.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  9. #9
    Star Lounger
    Join Date
    Oct 2002
    Location
    Blue Mountains, New South Wales, Australia
    Posts
    52
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If you do store ANY passwords, I would strongly recommend that you use a MASTER PASSWORD. Click on TOOLS > OPTIONS > SECURITY and check USER A MASTER PASSWORD.

    With this technique, Firefox does not give access to the stored passwords UNLESS you enter you enter your master password.

    I have used Password safe from SourceForge for several years - very simple - and store and organise 200 nearly login names, passwords (and URLs)

  10. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have just installed LastPass. I see that it claims to also encrypt data. Would that mean installing Key Scrambler not be necessary?

    Thx for the help and for this thread. I figured my passwords were safe in FF!

  11. #11
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Quote Originally Posted by Miss Mae View Post
    I have just installed LastPass. I see that it claims to also encrypt data. Would that mean installing Key Scrambler not be necessary?

    Thx for the help and for this thread. I figured my passwords were safe in FF!

    If you are using Last Pass, it is not using keystrokes as would normally be the method to input data. I would think this would get around key loggers. I have always felt safe even on my banking site using last pass to supply log in info. You can also set aa Master Password to log into Last Pass before Last Pass will log into the site you wish to visit.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  12. #12
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,483
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by Curiousclive View Post
    If your worried about key loggers try using Keyscrambler. It does indeed stop any key logging software from reading what you type in password boxes especially useful if you do online banking. Can get it from Cnet.co.uk or just google it
    Keyloggers have moved miles beyond what keyscrambler, last pass and their kin can deal with. The keystrokes are still easily recoverable, and encrypted or hashed keystrokes are readily de-hashed and decrypted in a matter of minutes by programs which hackers use when analyzing keylogger data. Do not rely on this type of software to keep you safe -- it will not work in today's world.

    If you are really worried about keyloggers, REMOVE them using antispyware deep scans every week (more frequently if you do a lot of web surfing). That is your best and only defense.
    -- Bob Primak --

  13. #13
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,483
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by S Caisson View Post
    I use this method, at home and for travel:
    1. Open Notepad or equivalent. Save the text file after editing. Password protect it is even better.
    2. Type a title, such as L0nd0nBancChkAcct (note "zero" replaces "Oh").
    3. Line break.
    4. Type an entire line with gibberish (numbers, special characters); embed the password in it.
    5. To easily locate the password, put, say, "!&", before/after the password.
    6. Page break. Repeat procedure for another password.
    7. Save the text file.
    9. Put the text file in an USB flash drive, for travel and safe keep. Tie to house key is good practice.
    How to use:
    1. Open the text file first before open browser.
    2. Go to bank web site.
    3. Copy and paste the password to the web page.
    4. Best is copy and paste the **entire** line, then highlight and delete until the password is left.
    5. In 4., it even foils clip board monitoring.
    Why it helps?
    Since you do not type, key logging is foiled.
    Why embed password in an entire line of giberrish?
    If the robot got a hold of the text ...
    difficult to decode such a long 'password', all 72 characters!
    Not easy for a human either, IF you omit title text (the "LondonBank" text).

    Also useless against today's keyloggers.
    -- Bob Primak --

  14. #14
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Slough, Berkshire UK
    Posts
    928
    Thanks
    61
    Thanked 52 Times in 50 Posts
    Quote Originally Posted by bobprimak View Post
    Keyloggers have moved miles beyond what keyscrambler, last pass and their kin can deal with. The keystrokes are still easily recoverable, and encrypted or hashed keystrokes are readily de-hashed and decrypted in a matter of minutes by programs which hackers use when analyzing keylogger data. Do not rely on this type of software to keep you safe -- it will not work in today's world.

    If you are really worried about keyloggers, REMOVE them using antispyware deep scans every week (more frequently if you do a lot of web surfing). That is your best and only defense.
    So just because no security software is100% you recommend using nothing. How silly.
    Using antispyware software is even more useless as the key logger has already got your info by the time you run a scan
    Clive

    All typing errors are my own work and subject to patents pending. Except errors by the spell checker. And that has its own patients.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •