Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Firefox Security IT Technology

Firefox To Get a Random Password Generator, Like Chrome and Safari (zdnet.com) 51

Posted by msmash from the up-next dept.
Mozilla is adding a random password generator to Firefox. From a report: The Firefox random password generator is expected to become publicly available for all Firefox users with the release of Firefox 69, scheduled for release in early September, roughly a year after Chrome 69. Currently, the random password generator is only available in Firefox Nightly, a Firefox version for testing new features before they land in the stable branch. When Firefox 69 will be released, the random password generator is expected to be available as a checkbox in the Firefox settings section, under "Privacy & Security," under "Logins and Passwords."
This discussion has been archived. No new comments can be posted.

Firefox To Get a Random Password Generator, Like Chrome and Safari More

Firefox To Get a Random Password Generator, Like Chrome and Safari

Comments Filter:

  • Yes, but... (Score:1)

    by Anonymous Coward

    If you're using the random password generator, you're also saving it in Firefox's password manager. Which I haven't seen any credible analysis of in terms of trustworthiness or resistance to hacking. Personally, I'd rather keep my passwords in a separate password manager that isn't potentially exposed to javascript and other attacks online. Hint: Keepass, which has included a random (or pseudo-random, or derived from previous password, with various options for what collections of characters to use) password

    • There was an extension that integrated with gnome keyring, but it's broken since quantum. Bug https://bugzilla.mozilla.org/s... [mozilla.org] (summary: no platform specific code will be merged an no one is working an a platform agnostic api).

    • It would be nice is Firefox can encrypt synced data. Even Chrome can be configured to require a decryption password to access synced data across multiple machines.

      As for passwords, maybe Firefox could do something similar to 1Password: Have their own sync service, piggyback off of existing cloud services (GDrive, Dropbox, OneDrive), or just have syncing done manually. That way, a user can control of where their passwords are physically stored.

      Maybe Firefox could up the ante a bit. Each endpoint would ha

  • 'Random' based on what, precisely? (Score:3)

    by Rick Schumann ( 4662797 ) on Friday June 28, 2019 @06:16PM (#58842888) Journal
    I know a little bit about random bit generation. If there ever was a Black Art when it came to something electronic, it's generating non-deterministic random bits in silicon. Not knowing what Firefox is using to generate a random bitstream with which to generate random characters for a password, I would not be inclined to trust it any farther than I could throw it, as many so-called 'random' sources can be compromised in one way or another. No thanks, I'll stick to my own personal algorithm for generating passwords -- and I won't be trusting Firefox to store them for me either.
    Probably okay for things that require a password but that aren't critical or sensitive though.

    • Re:'Random' based on what, precisely? (Score:5, Informative)

      by tlhIngan ( 30335 ) <[ten.frow] [ta] [todhsals]> on Friday June 28, 2019 @06:45PM (#58843090)

      I know a little bit about random bit generation. If there ever was a Black Art when it came to something electronic, it's generating non-deterministic random bits in silicon. Not knowing what Firefox is using to generate a random bitstream with which to generate random characters for a password, I would not be inclined to trust it any farther than I could throw it, as many so-called 'random' sources can be compromised in one way or another. No thanks, I'll stick to my own personal algorithm for generating passwords -- and I won't be trusting Firefox to store them for me either.
      Probably okay for things that require a password but that aren't critical or sensitive though.

      Well, the worst RNG is the PRNG built into the C library. A good RNG is the OS provided one - every modern OS has a source of randomness usually seeded with non-deterministic events, like packet arrival times, keystrokes and other things to provide the necessary entropy.; Even hardware RNGs are pretty decent too, using good sources of non-deterministic events. Of course, nothing beats a true hardware RNG...

      I would suspect Firefox would use the OS provided RNG because it'll generate good enough passwords.

      • FWIW I know for a fact that Intel CPUs and PCHs have a random bit generator in them based on what I can only describe as 'an intentionally unstable oscillator', and they do quite a bit of validation testing of them to get them to be as non-deterministic and uncompromisable as possible.

      • Re: (Score:2)

        by AmiMoJo ( 196126 )

        I'd hope it will be using the OS's RNG. Most systems provide a crytographically sound RNG for applications, seeded by a variety of sources including on-CPU RNGs, system timers, user inputs, storage response times and the like.

    • Re:'Random' based on what, precisely? (Score:5, Informative)

      by rgmoore ( 133276 ) <glandauer@charter.net> on Friday June 28, 2019 @06:51PM (#58843134) Homepage

      Even a bad PRNG is going to generate better passwords than most humans. If you already have a good system for generating and storing random passwords, great; Firefox won't keep you from continuing to use it. But for the majority of people who are making up their own passwords, whatever Firefox provides is likely to be a massive improvement.

  • Random? (Score:4, Funny)

    by Aethedor ( 973725 ) on Friday June 28, 2019 @06:28PM (#58842970)
    Will it be a random-password generator or a random password-generator?

  • Don't forget to paste it in Notepad so you don't forget that crazy thing!

    Will this help me with block chains in my cloud?

    • And email it to yourself so you always have it

      Most places let you reset your password via email, so if an attacker has access to your email you're already screwed. Having a cleartext password saved there is barely better than wiating for a reset link to arrive and clicking it.

  • Save me some time please (Score:3)

    by AndyKron ( 937105 ) on Friday June 28, 2019 @10:02PM (#58843872)
    What I'd really like is an integrated random Deepak Chopra quote generator.
  • I wrote one in 10 minutes, 10 years ago: document.write((Math.floor(Math.random()*3656158440062976-1)).toString(36));//36^10 = 3656158440062976 Too easy. This is not a major new feature.

Slashdot Top Deals

Elliptic paraboloids for sale.

Close