%brandDTD; ]> Password Settings

Password Settings

This section describes how to set your password preferences, set your Master Password, and control other aspects of password handling.

For step-by-step descriptions of various tasks related to passwords, see Using the Password Manager.

In this section:

Privacy & Security Preferences - Passwords

This section describes the Passwords preferences panel. If you're not already viewing it, follow these steps:

  1. Open the &brandShortName; Edit menu and choose Preferences.
  2. Under the Privacy & Security category, click Passwords. (If no subcategories are visible, double-click Privacy & Security to expand the list.)

Password Manager

Password Manager preferences allow you to

For detailed information about using Password Manager, including how to override it for individual websites and how to view and manage stored passwords,see Using the Password Manager.

Encrypting Versus Obscuring

If you use Password Manager to save passwords and personal data, this sensitive information is stored on your computer in a file that's difficult, but not impossible, for an intruder to read. This way of storing information is sometimes described as obscuring. This is the default setting that applies to information stored by Password Manager.

For improved protection, you may choose to protect the file with encryption. Encryption makes it more difficult (but again, not impossible) for an unauthorized person to view your stored sensitive information. To turn on encryption you need to set a master password.

Using encryption versus obscuring for stored sensitive data is a tradeoff between improved security and convenience:

For more details, see Encrypting Stored Sensitive Information.

Password Manager

This section describes how to use the Password Manager dialog box to control your stored passwords. If you are not already viewing it, follow these steps:

  1. Open the &brandShortName; Edit menu and choose Preferences.
  2. Under the Privacy & Security category, click Passwords. (If no subcategories are visible, double-click Privacy & Security to expand the list.)
  3. Click Manage Stored Passwords.

Alternatively, open the Tools menu, choose Password Manager, and then choose Manage Stored Passwords from the submenu.

The Password Manager has two tabs:

  1. Passwords Saved: Click this tab to view the list of websites for which Password Manager has saved your user name and password—that is, the websites for which you selected Yes in response to Password Manager's request to store logon information.

    The second column shows the user name for each website. If the password is stored in encrypted form, (encrypted) appears after the user name.

    By default, stored passwords are not displayed.

    If you remove an entry from the list, the stored user name and password will be discarded, and you will need to log in manually the next time you visit that website.

  2. Passwords Never Saved: Click this tab to view the list of websites for which you selected Never for this site in response to Password Manager's request to store logon information.

    If a website is included on this list, you will always have to type in your user name and password manually when you log onto the website.

    If you remove an entry from this list, Password Manager will again ask you, the next time you log onto the website, whether to store your user name and password.

Regardless of which tab you are viewing, you can remove entries from the list as follows:

For more information about the Password Manager, see Using the Password Manager.

Privacy & Security Preferences - Master Passwords

This section describes the Master Passwords preferences panel. If you are not already viewing it, follow these steps:

  1. Open the &brandShortName; Edit menu and choose Preferences.
  2. Under the Privacy & Security category, click Master Passwords. (If no subcategories are visible, double-click Privacy & Security to expand the list.)

A master password protects a security device, which is a software or hardware device that stores sensitive information associated with your identity, such as keys or certificates.

For example, the browser has a built-in Software Security Device, and you can also use external security devices, such as smart cards, if your computer is configured to use them.

The master password for the browser's built-in Software Security Device also protects stored sensitive information such as email passwords, website passwords, and other data stored by the Password Manager.

Each security device, whether it is software or hardware, has its own separate Master Password.

Change Master Password

You must remember your old master password to change it with the Change Password button.

This section describes the Change Master Password dialog box. If you're not already viewing it, follow these steps:

  1. Open the &brandShortName; Edit menu and choose Preferences.
  2. Under the Privacy & Security category, click Master Passwords. (If no subcategories are visible, double-click Privacy & Security to expand the list.)
  3. Click Change Password.

A master password protects a security device, which is a software or hardware device that stores sensitive information associated with your identity, such as keys or certificates.

For example, the browser has a built-in Software Security Device, and you can also use external security devices, such as smart cards, if your computer is configured to use them.

The master password for the browser's built-in Software Security Device also protects your master key. Your master key is used to encrypt sensitive information such as email passwords, website passwords, and other data stored by the Password Manager.

You use the Change Master Password dialog box to provide the following information:

If someone uses your computer who knows or can guess your master password, that person may be able to access websites while pretending to be you. This can be dangerous—for example, if you manage your financial accounts over the Internet.

Therefore, it's important to select a master password that's difficult to guess. The password quality meter gives you a rough idea of the quality of your password as you type it based on factors such as length and the use of uppercase letters, lowercase letters, numbers, and symbols. It does not guarantee, however, that no one will be able to guess your password.

For further guidelines, see Choosing a Good Password.

It's also important to record your master password in a safe place—and not anywhere that's easily accessible to someone else. If you forget this password, you may not be able to access important information, such as websites that require passwords or certificates stored on your computer.

Master Password Timeout

After you first set a new master password, you will be asked to enter it only when the newly launched browser first needs it to access personal information, such as a user name and password or personal certificates.

You can control how often the browser requests your master password:

Reset Master Password

Warning: If you reset your master password, you will permanently erase all the encrypted web and email passwords, saved on your behalf by Password Manager. You will also lose all your personal certificates associated with the Software Security Device.

To change your master password rather than resetting it, click the Change Password button in the Master Passwords preferences panel.

This section describes the Reset Master Password dialog box. If you're not already viewing it, follow these steps:

  1. Open the &brandShortName; Edit menu and choose Preferences.
  2. Under the Privacy & Security category, click Master Passwords. (If no subcategories are visible, double-click Privacy & Security to expand the list.)
  3. Click Reset Password.

Warning: If you reset your master password, you will permanently erase all encrypted web and email passwords, saved on your behalf by Password Manager You will also lose all your personal certificates associated with the software security device.

If you remember your master password and decide to change it, you can do so without danger of losing any personal information. If you are viewing the Reset Master Password alert and you decide you want to change your password rather than resetting it, click Cancel to return to the Master Passwords preferences panel, then click Change Password. For details, see Change Master Password.

Resetting your master password is a last resort that you should use only if you are absolutely sure you've forgotten it. The seriousness of the situation depends on how much personal data your forgotten master password protects.

Resetting your master password does not create a new password. Instead, it removes all the data your old master password protects. You will be asked to specify a new master password the next time the browser needs to store personal information.

After you reset your master password, you may also want to re-save personal information that you want to have prefilled in the future. For example, as you browse you may want Password Manager to save website and email passwords again.In addition, any personal certificates associated with the software security device will be permanently erased and you will need to apply for new ones.

Note for smart card users: Each smart card has its own master password. The master password for a smart card protects only the data on that smart card (such as personal certificates). You can normally change the master password for a smart card (assuming that you remember it), but you cannot reset it.

Choosing a Good Password

Choosing a good password will help in keeping your personal information safe and private. To improve the security of your password, follow some or all of these suggestions:

You should avoid personal information that could be guessed. So the following common items should be avoided:

A good way to choose a secure but easily remembered password is to use the first character of each word in a phrase. For instance, StNh*nbsS stands for Surfing the Net has never been so Suite; the asterisk in the middle is included for increased security. (Don't use this password!)

To further protect your personal data, you are advised to follow these simple rules: