%brandDTD; ]>
This section describes how to set your password preferences, set your Master Password, and control other aspects of password handling.
For step-by-step descriptions of various tasks related to passwords, see Using the Password Manager.
This section describes the Passwords preferences panel. If you're not already viewing it, follow these steps:
Password Manager preferences allow you to
For detailed information about using Password Manager, including how to override it for individual websites and how to view and manage stored passwords,see Using the Password Manager.
If you use Password Manager to save passwords and personal data, this
sensitive information is stored on your computer in a file that's
difficult, but not impossible, for an intruder to read. This way of storing
information is sometimes described as obscuring
. This is the default
setting that applies to information stored by Password Manager.
For improved protection, you may choose to protect the file with encryption. Encryption makes it more difficult (but again, not impossible) for an unauthorized person to view your stored sensitive information. To turn on encryption you need to set a master password.
Using encryption versus obscuring for stored sensitive data is a tradeoff between improved security and convenience:
For more details, see Encrypting Stored Sensitive Information.
This section describes how to use the Password Manager dialog box to control your stored passwords. If you are not already viewing it, follow these steps:
Alternatively, open the Tools menu, choose Password Manager, and then choose Manage Stored Passwords from the submenu.
The Password Manager has two tabs:
Yesin response to Password Manager's request to store logon information.
The second column shows the user name for each website. If the password
is stored in encrypted form, (encrypted)
appears after the user
name.
By default, stored passwords are not displayed.
If you remove an entry from the list, the stored user name and password will be discarded, and you will need to log in manually the next time you visit that website.
Never for this sitein response to Password Manager's request to store logon information.
If a website is included on this list, you will always have to type in your user name and password manually when you log onto the website.
If you remove an entry from this list, Password Manager will again ask you, the next time you log onto the website, whether to store your user name and password.
Regardless of which tab you are viewing, you can remove entries from the list as follows:
For more information about the Password Manager, see Using the Password Manager.
This section describes the Master Passwords preferences panel. If you are not already viewing it, follow these steps:
A master password protects a security device, which is a software or hardware device that stores sensitive information associated with your identity, such as keys or certificates.
For example, the browser has a built-in Software Security Device, and you can also use external security devices, such as smart cards, if your computer is configured to use them.
The master password for the browser's built-in Software Security Device also protects stored sensitive information such as email passwords, website passwords, and other data stored by the Password Manager.
Each security device, whether it is software or hardware, has its own separate Master Password.
You must remember your old master password to change it with the Change Password button.
This section describes the Change Master Password dialog box. If you're not already viewing it, follow these steps:
A master password protects a security device, which is a software or hardware device that stores sensitive information associated with your identity, such as keys or certificates.
For example, the browser has a built-in Software Security Device, and you can also use external security devices, such as smart cards, if your computer is configured to use them.
The master password for the browser's built-in Software Security Device also protects your master key. Your master key is used to encrypt sensitive information such as email passwords, website passwords, and other data stored by the Password Manager.
You use the Change Master Password dialog box to provide the following information:
You did not enter the current correct Master Passwordafter you click OK. If this happens, you must retype your current password.
If someone uses your computer who knows or can guess your master password, that person may be able to access websites while pretending to be you. This can be dangerous—for example, if you manage your financial accounts over the Internet.
Therefore, it's important to select a master password that's difficult to guess. The password quality meter gives you a rough idea of the quality of your password as you type it based on factors such as length and the use of uppercase letters, lowercase letters, numbers, and symbols. It does not guarantee, however, that no one will be able to guess your password.
For further guidelines, see Choosing a Good Password.
It's also important to record your master password in a safe place—and not anywhere that's easily accessible to someone else. If you forget this password, you may not be able to access important information, such as websites that require passwords or certificates stored on your computer.
After you first set a new master password, you will be asked to enter it only when the newly launched browser first needs it to access personal information, such as a user name and password or personal certificates.
You can control how often the browser requests your master password:
Warning: If you reset your master password, you will permanently erase all the encrypted web and email passwords, saved on your behalf by Password Manager. You will also lose all your personal certificates associated with the Software Security Device.
To change your master password rather than resetting it, click the Change Password button in the Master Passwords preferences panel.
This section describes the Reset Master Password dialog box. If you're not already viewing it, follow these steps:
Warning: If you reset your master password, you will permanently erase all encrypted web and email passwords, saved on your behalf by Password Manager You will also lose all your personal certificates associated with the software security device.
If you remember your master password and decide to change it, you can do so without danger of losing any personal information. If you are viewing the Reset Master Password alert and you decide you want to change your password rather than resetting it, click Cancel to return to the Master Passwords preferences panel, then click Change Password. For details, see Change Master Password.
Resetting your master password is a last resort that you should use only if you are absolutely sure you've forgotten it. The seriousness of the situation depends on how much personal data your forgotten master password protects.
Resetting your master password does not create a new password. Instead, it removes all the data your old master password protects. You will be asked to specify a new master password the next time the browser needs to store personal information.
After you reset your master password, you may also want to re-save personal information that you want to have prefilled in the future. For example, as you browse you may want Password Manager to save website and email passwords again.In addition, any personal certificates associated with the software security device will be permanently erased and you will need to apply for new ones.
Note for smart card users: Each smart card has its own master password. The master password for a smart card protects only the data on that smart card (such as personal certificates). You can normally change the master password for a smart card (assuming that you remember it), but you cannot reset it.
Choosing a good password will help in keeping your personal information safe and private. To improve the security of your password, follow some or all of these suggestions:
You should avoid personal information that could be guessed. So the following common items should be avoided:
12345or
qwerty.
A good way to choose a secure but easily remembered password is to use the
first character of each word in a phrase. For instance, StNh*nbsS
stands for Surfing the Net has never been so Suite
; the asterisk in
the middle is included for increased security. (Don't use this
password!)
To further protect your personal data, you are advised to follow these simple rules: