For users, the browser is the key to their online lives. It holds their histories, their secrets, tracks their movements and stores their passwords. So for attackers, the browser is the fattest, juiciest target. Securing browsers is hard, but there are some simple, effective steps you can take that will make a major difference.
When a browser asks you if you want it to store, save, or remember your password and you allow it to do so, it actually does store your password in the browser. On Mozilla Firefox and Google Chrome, at least, you can actually look these passwords up in plain-text, meaning they aren’t encrypted, obscured, or hidden in any way.
As Eric Geier pointed out in a report for PC World in August, Mozilla Firefox does the best job of this because it allows you to establish a master password that obscures all the rest of your passwords. If you don’t establish a master-password, then anybody could jump on your computer, access the settings in Firefox, and access all your passwords. Of course you should be careful of letting other people access your PC with your password.
Beyond this, Firefox has a few other helpful security and privacy settings as well. You can find them in the Firefox pull-down menu under ‘options.’
- In the privacy tab you can choose to opt out of web-tracking. For those of you that don’t know, some web applications will track your browsing so that advertisers can target advertisements for you. Firefox supports ‘Do Not Track,’ so if you check the box that says ‘Tell websites I do not want to be tracked,’ your browser will ask these web apps not to track you as you browse the Web.
- If you click the ‘security’ tab in the Firefox options menu there are a few more features that will help increase your security online. You can choose to be warned when sites try to install add-ons. With this feature enabled, Firefox will block automatic installations when a site tries to install an add-on without your permission. If you want the add-on, then you can allow it, but oftentimes these installations are unrequested and sometimes they are even malicious. You can also choose to block reported attack sites. With this feature enabled, Firefox will warn you if you accidentally or intentionally browse to a site that is known to interfere with normal computer functions or send personal data about you to unauthorized parties. You are also offered the option to block reported web forgeries. This feature helps root out phishing attempts by letting you know when Firefox thinks a site is trying to trick you into providing personal and or valuable information.
- At the bottom of the security tab is where Firefox handles the password management we discussed above. You can choose to allow or not allow password storage and, if you allow it, you can choose to protect the list of passwords with a master password.