re: saving passwords in a browser: oh yeah, people still do that. I haven't for years. I leave a few auth cookies around, true, but not for sensitive sites.
Why not? Anything particularly bad with how Mozilla encrypts and stores passwords (when a suitable pass-phrase is chosen)?
Unless you're using some form of one-time token, a compromised browser process could still expose your passwords (not to mention that it of course have access to whatever data you protect with that password (emails, documents etc)).
Does firefox actually encrypt them and require a master password to open them up? Times have clearly moved on... Back in the day, it (or whichever browser I was using in 2009) used to just autofill the passwords for the site, I assumed they were just encoded somewhere, not encrypted.
I use a mixture of things I've been meaning to consolidate for a while... all of which are a big list of unique (obviously) passwords stored somewhere encrypted by a long password.
Unless you're using some form of one-time token, a compromised browser process could still expose your passwords (not to mention that it of course have access to whatever data you protect with that password (emails, documents etc)).