[e12e]

Why not? Anything particularly bad with how Mozilla encrypts and stores passwords (when a suitable pass-phrase is chosen)?

Unless you're using some form of one-time token, a compromised browser process could still expose your passwords (not to mention that it of course have access to whatever data you protect with that password (emails, documents etc)).

[tehwalrus]

Does firefox actually encrypt them and require a master password to open them up? Times have clearly moved on... Back in the day, it (or whichever browser I was using in 2009) used to just autofill the passwords for the site, I assumed they were just encoded somewhere, not encrypted.

I use a mixture of things I've been meaning to consolidate for a while... all of which are a big list of unique (obviously) passwords stored somewhere encrypted by a long password.

[fernandotakai]

This is a good (albeit old-ish) article on extracting passwords of firefox, chrome and IE http://raidersec.blogspot.com.br/2013/06/how-browsers-store-...

[wtbob]

> Does firefox actually encrypt them and require a master password to open them up?

Yes, and in fact Mozilla Weave is actually cryptographically really sharp.