Privacy and Security Preferences - Web Passwords
This section describes how to use the Web Passwords panel. If you are not already viewing the panel, follow these steps:
- Open the Edit menu and choose Preferences.
- Under the Privacy and Security category, choose Web Passwords. (If no subcategories are visible, click to expand the list.)
Password Manager stores your user names and passwords on your computer's hard disk and enters them for you automatically when you visit the sites that require them. For detailed information about using Password Manager, including how to override it for individual sites and how to view and manage stored passwords, see Using the Password Manager
To activate Password Manager so that it automatically stores your user names and passwords and enters them for you as necessary, select the checkbox in the Web Passwords panel labeled "Remember passwords for sites that require me to log in."
To turn off Password Manager, deselect the same checkbox.
Encrypting Versus Obscuring
If you use Password Manager or Form Manager to save passwords and personal data, then this sensitive information is stored on your computer in a file that's difficult, but not impossible, for an intruder to read. This way of storing information is sometimes described as "obscuring."
For improved protection, you may want to protect the file with encryption. Encryption makes it nearly impossible for an unauthorized person to view your stored sensitive information.
To turn on encryption for sensitive information stored on your computer, select the checkbox in the Web Passwords panel labeled "Use encryption when storing sensitive data." If you have not previously set a master password, you will be asked to create one. To do so, follow the instructions as they appear on your screen. For an overview of the steps involved, see Encrypting Stored Sensitive Information.
To turn off encryption for sensitive information, so that it is obscured but not encrypted, deselect the checkbox.
Privacy and Security Preferences - Master Passwords
This section describes how to use the Master Passwords panel. If you are not already viewing the panel, follow these steps:
- Open the Edit menu and choose Preferences.
- Under the Privacy and Security category, choose Master Passwords. (If no subcategories are visible, click to expand the list.)
In this section:
Change Master Password
A master password protects a security device, which is a software or hardware device that stores sensitive information associated with your identity, such as keys or certificates. For example, the browser has a built-in Software Security Device, and you can also use external security devices, such as smart cards, if your computer is configured to use them.
The master password for the browser's built-in Software Security Device protects your master key. Your master key is used to encrypt sensitive information such as email passwords, web site passwords, and other data stored by the Password Manager and Form Manager.
To set or change any of your master passwords, click the Change Password button in the Master Passwords preferences panel (or open the Tasks menu, then choose Privacy and Security, Password Manager, and Change Master Password).
You can then use the Set Master Password dialog box to provide the following information:
Security Device: Each security device requires a separate master password. For example, if you are using one or more smart cards to store some of your certificates, you should set a separate master password for each one. If more than one security device is available, a pop-up menu at the top of the Set Master Password dialog box allows you to choose the device whose password you want to change.
Old password: If you are changing an existing master password, you must first type the old password. If you don't type the old password correctly, you will see the message "Incorrect password entered" after you click OK. If this happens, your password has not been changed and you must start all over again.
Enter a new password: Type your new password into this field.
Enter the password again: Type your new password again. If you don't type it the second time exactly as you did the first time, the OK button remains inactive. If this happens, try typing the new password again.
If someone uses your computer who knows or can guess your master password, that person may be able to access web sites while pretending to be you. This can be dangerousfor example, if you manage your financial accounts over the Internet.
Therefore, it's important to select a master password that's difficult to guess. The password quality meter gives you a rough idea of the quality of your password as you type it based on factors such as length and the use of uppercase letters, lowercase letters, numbers, and symbols. For further guidelines, see the online document Choosing a Good Password.
It's also important to record your master password in a safe placeand not anywhere that's easily accessible to someone else. If you forget this password, you may not be able to access important information, such as web sites that require passwords or certificates stored on your computer.
Master Password Timeout
If you are using the Password Manager but are not using certificates, and if you have set a master password, the browser will ask you to enter the password only when the newly launched browser first uses the Password Manager or Form Manager to fill in personal information.
If you are using personal certificates, you can control how often the browser requests your master password. Here are some things you should consider when selecting these options:
- The first time it is needed. If you work in an office with strong physical security measures or if you feel that the consequences of somebody else using your computer to impersonate you are not extreme, click this radio button. This setting causes Certificate Manager to request your master password only the first time it needs access to the private key database after launching. Certificate Manager will not request the master password again until after you exit and relaunch the browser. This setting provides the lowest level of protection.
- Every time it is needed. If you are very concerned about the possibility that somebody else might be able to use your computer to impersonate you, click this radio button. This setting ensures that Certificate Manager will never access the private key database without first requesting your master password. This setting provides the highest level of protection.
- If it has not been used for blank minutes or longer. If you are somewhat concerned about the possibility that somebody else might be able to use your computer to impersonate you, but not enough to type in your master password at frequent intervals, click this radio button and fill in the box with a value you feel comfortable with. For best protection, this should be a fairly low number of minutes, such as 20.
This setting causes Certificate Manager to request your master password if it needs to access the private key database and the specified interval has elapsed since the last time it used the database. This setting is appropriate if you sometimes send or receive confidential information to or from web sites that support encryption.
Note that this setting provides little protection against someone using your computer to send a signed email message in your name.
Copyright © 1994-2001 Netscape Communications Corporation.