You are here

Passwprd protecting firefox

9 posts / 0 new
Last post
lukeventura
Offline
Last seen: 16 years 10 months ago
Joined: 2008-01-20 23:00
Passwprd protecting firefox

Hello

Thanks for the portable apps, I think they are amazing.

I have one request, though:

Ideally I would like to have my portable firefox on a USB drive with all my cookies and passwords, and accounts saved in Firefox Portable.

Obviously I shouldn't be doing this, because if the disk gets into the wrong hands, it is a major security risk.

My proposal is that Firefox Portable (or even just my firefox user profile within this) could be password protected.

I am aware of one method of doing this, which involves the program TrueCrypt to encrypt the whole drive, but I am wondering if it is at all possible to simply have Firefox protected from access without the right password?

Thank you for any help!

Aciago
Aciago's picture
Offline
Last seen: 1 year 1 month ago
Joined: 2007-01-24 14:23
Hi

Luke and welcome to PortablaApps.

What you are requesting is a Firefox extension, and should be requested there, this site only portabilizes apps that already exist, without any other modification.

But... I have been looking for such an extension since 2006 and it doesn't exist yet... Sad

My suggestion, use the master password and don't leave your PDrive alone... Wink

If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report Biggrin

José Pedro Arvela
Offline
Last seen: 5 years 11 months ago
Joined: 2007-07-10 07:29
I had an idea

I think that PublicFox (a kiosk addon) can satisfy your needs.

If you block the right things, you can have a almost safe browser (no encryption tough). It can ask for passwords all the time (sometimes to many times).

Blue is everything.

rab040ma
Offline
Last seen: 5 months 1 week ago
Joined: 2007-08-27 13:35
passwords

There is a "master password" function in Firefox. It's just a checkbox.

Accounts and passwords are protected by the master password, if they are in the common username and password format. (You can go into Tools | Options | Security | Show Passwords and see which passwords it stores that way; the ones you see in that list are the ones that are protected by the Master Password, if you choose to use it.)

You could also keep your passwords in KeePass Portable.

As for cookies, that is a problem. Good sites can be set so your authentication status is not kept in a cookie (that is, you have to enter your password each time, or let Firefox or KeePass do it -- frequently there is a "remember me" check box which you can uncheck). That would be the most secure setting.

What you have left is information from cookies and history that can track where you've been, and occasionally reveal your username. You can look to see which cookies are kept. You should find that only a few sites are so sloppy That will let you decide how great the risk is.

MC

madcadder
Offline
Last seen: 14 years 8 months ago
Joined: 2007-11-16 09:07
I know I'm going to get

I know I'm going to get dinged for this but....

I have the Master Password set for FF.
I use GoogleToolbar and Google Browser Sync together to store my bookmarks, cookies, saved passwords, History (turned off), and "Tabs and Windows" (session saver).

I can't get KeePass to autofill correctly so I haven't moved to it yet. (still tinkering)

lukeventura
Offline
Last seen: 16 years 10 months ago
Joined: 2008-01-20 23:00
Google Browser Sync might

Google Browser Sync might actually be adequate, I'll investigate.

Thanks!

jaygo
Offline
Last seen: 11 years 3 weeks ago
Joined: 2006-04-24 23:39
Google browser sync +

Google browser sync + setting your firefox to flush all personal data on closing might do the trick. Personally, I don't like uploading my passwords over the internet, even tho google encrypts them.

An easy alternative is to setup a truecrypt volume using the "file" method. This means you're only creating a file on an existing volume (drive) and you don't have to truecrypt the whole drive. Then run firefox from within the truecrypt volume. Geek.menu makes this all very easy and is what I'm using along with G browser sync.

An example:
F: is your USB drive
F:\somefile

rab040ma
Offline
Last seen: 5 months 1 week ago
Joined: 2007-08-27 13:35
Truecrypt works great,

Truecrypt works great, unless you don't have admin privileges. That's the rub. (You can decript individual files with other tools, but not mount the volume to run Firefox or anything else. So you can't depend on it.)

MC

m-p-3
m-p-3's picture
Offline
Last seen: 7 months 2 weeks ago
Joined: 2006-06-17 21:25
Good security practices.

Unfortunately the cookies.txt file is not protected by the Master Password. However take the cookies.txt file from the USB key, move it to another Firefox profile will be able to sign on to your saved account(s) without knowing your password(s). Pretty scary, I just tested it.

My recommendations would be
1-Use the master Password (strong password is important) feature to save accounts informations
2-Set Firefox to clear the cookies at everytime the browser close
3-Disable the session restore functionnality

This should reduce to a minimum the chances of account thief in case the Thumbdrive is lost, or at least gives you enough time to react and do some password changes ASAP.

If the cookies themselves could be encrypted with the Master Password key, that would be more convenient and much more secure for roaming users.

Log in or register to post comments