Is using the firefox master password more secure?

Asked by AndrewJenkins in Cyber Security, asked on Feb 8, 2022

In the old days I would emphasise that people should not select the remember passwords option because a bad guy could display the password and read it there, and then use it later. These days the passwords can be encrypted using a master password, so the primary problem is gone.


So should I use this feature?

On the good side, it helps prevent phishing because it checks the domain name automatically. Also, am I just imagining, or does it also make the attacker's job more difficult? 

Then on the bad side, if someone walked up to your computer just after you logged in to a gaming site, then they could probably pull up your banking password as your master password would still be in memory, would it not?


Either way, more in-depth attacks are equally capable of obtaining data regardless of which route you took?


Can you provide some guidance on how to decide whether to use the option, from a security standpoint?

Answered by Andrea Bailey

Firefox's master password, encrypting your passwords on your computer further than what the OS already offers, is nothing more than security theatre. Although it is convenient, it still leads to risky practices, and even worse makes it easier to forget your passwords.

The Actual Impact on Security

A great quote about why Chrome doesn't use a master password even though it already encrypts them in your user area:

A great post on it from Justin Schuh: I'm the Chrome browser security tech lead, so it might help if I explain our reasoning here. The only strong permission boundary for your password storage is the OS user account. So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account. Beyond that, however, we've found that boundaries within the OS user account just aren't reliable, and are mostly just theater.

Consider the case of someone malicious getting access to your account. Said bad guy can dump all your session cookies, grab your history, install malicious extension to intercept all your browsing activity, or install OS user account level monitoring software. My point is that once the bad guy got access to your account the game was lost, because there are just too many vectors for him to get what he wants.

We've also been repeatedly asked why we don't just support a master password or something similar, even if we don't believe it works. We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of security, and encourage risky behavior. We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because in effect, that's really what they get.

This shows one thing: you're trying to protect your information at the wrong end of the chain. Make sure your OS and computer are safe. That will go miles further than encrypting your passwords in static storage on the same machine you use to browse the web. If you want to store your passwords, store them encrypted on another machine that isn't connected to anything. That way, if your system gets taken control of, you are still safe. This is akin to saying "just because I'm not an Admin, I'm a safe user." No, you really aren't. Your preconceived notions are still wrong. Just because you think it is, doesn't mean it is.

The Downfall of the User

Okay, you decide to go through with it anyway, and you've already got a nice list of the pros there in your question. Now let's look at the cons.

Cons

- Makes it easier to forget your other passwords: you no longer have to actually remember them, just a master password. Humans are animals of habit, and this habit will overwrite your good memory with bad habits.

- Propagates risky behaviour and lazy thinking: this does not make your computer or web browser safe. AT ALL. It only gives a false sense of security, and helps to try and keep you from being phished. However, the only real defence against phishing is to not get phished and to make sure you don't visit sites you don't trust.
