Tuesday 24 March 2009

So, you think it's convenient to get your browser to remember passwords?.... what if a virus/worm attacks and harvests those passwords???

Gulp!!! Yes, I'm guilty as charged.... I thought the same - "Oh, it's so convenient to use the browser's "secure login" add-on" [for Firefox users] or Ctrl-Enter for Opera's "Magic wand" functionality. BUT.... yes, there's a big but....
In the light of more and more vicious viruses and worms out there - I'm sure that it's relatively easy for one of them to export your browser's passwords to a file and post it to their "repositories"?
Maybe, maybe not - but for me, I'd rather be safe than sorry, and so I have decided to use a more secure way of storing my (very) numerous passwords.
I've decided to use KeyPass (http://keepass.info/index.html) that's free and there are tools to export the passwords from Firefox and Opera so that the migration is painless:

1) Export your Firefox passwords to xml using this Add-on:
https://addons.mozilla.org/en-US/firefox/addon/2848
Install it, and export all your passwords into an xml file onto your computer.
NOTE: This xml file contains ALL your passwords (and matching web page addresses) in an UNencrypted form - so be careful with this file.

2) To import the passwords into KeePass you'll need to convert the XML into CSV format - so that KeePass understands.
Use this tool to do the conversion: http://keepass.info/extensions/base/convert_to_csv/FirefoxXmlTo1xCsv-01.zip
Download the zip file to your computer;
Unzip it to a folder
Drag and drop the xml file over the xml2csv.exe (literally - this means drag 'n drop) - and it creates a new file in the directory where your XML resides - with the XML-Filename extended by "_EXPORT.csv"

3) In KeyPass: File->Import From->csv file->select the .csv file -> Open
and your passwords will be imported :)

4) Go to a web site that requires a password and (in KeyPass) right click on the entry and select "Perform Auto-Type"
The username and password will be entered automatically into the web site.

For Opera users:
See this blog for more info: "Using KeePass with Opera" http://jean-francois.im/2009/03/using-keepass-with-opera.html

...and your passwords are now securely stored inside KeePass's encrypted master password protected environment.

Oh.... don't forget to delete those passwords inside your browser's "Secure login" and "Magic Wand"!

No comments:

Post a Comment

Live Traffic Feed

 

Be notified of
page updates
it's private
powered by
ChangeDetection

Copyright © 2008 HandyTechTipper. All articles are released under the Creative Commons Attribution 2.5 South Africa license, unless where otherwise stated.