Wednesday, October 7, 2009

Basic Firefox Security Hint: Don't Save Passwords and User IDs

This was first going to be a rant against my bank.  I started here with a Washington Mutual Account.   When their loans went bust, like many banks they got bought by a larger bank.   Chase got them, and me in the bargain.

This month when I went to do the banking and balance the checkbook, I logged into WAMU and was told that Wamu is becoming Chase.   When I got to the check account it said go to Chase.   Chase said that basically they couldn't find a cookie and that made them a Sad Panda.  I could make them happy again by jumping through hoops and registering my laptop with them by their putting a brand new spanking cookie on my machine.

Oh Freakin' Joy.

What this misses is that I am security conscious.   I have a laptop.   They get stolen.   I keep very little on this machine and I have Firefox set to delete all cookies when I close it.   So next month, I'll go to Chase and will have a Sad Panda... Again.    Bloody stupid pain in the bollocks.

Ok, So Security training has gotten me irked.   But it brings up a very important problem that the banks cannot solve this way.   Saved Passwords.


Why?  Because Criminals will break into your house and look for your computer, CPU, Desktop, Laptop, Mac, what have you and make it their own.   If you save your password, and you save your cookies because the bank is more needy than your 16 year old girlfriend when you were in High School, then they turn it on, start up your browser, find your history and links ... you're toast.

I have a very comprehensive list of saved bookmarks.   In fact its so big I have to back it up so I don't have to try to recreate the thing.   But nobody has my user name or password.   I have to remember them myself.

On the other hand, even I don't have a saved cookie so I'm the Sad Panda. 

So If you find this interesting, useful or entertaining, feel free to click on an ad.  Heck, even if you don't... You'll make me happy when I look at the stats.  Thanks!

No comments:

Post a Comment