Loading ...Strengthen Firefox autofill feature
By default, Firefox automatically fills out usernames and passwords you have entered in a login form before. Though it is nice and speeds things up, it has also proved to be a security weakness due to how Firefox identifies a login form.
Secure Login, a Firefox extension developed by Sebastian Tschan, solves this problem and adds a couple of new tricks to password retrieval. First it deactivates autofilling and adds a status bar icon (or toolbar button) that lights on when it detects there are credentials available for the web site.
Press Alt + N (the hotkey can be customized as well), or click on the status bar icon or the toolbar button and credentials are filled out and the form is automatically submitted saving one click in the process. If more than one credential is available, a list is prompted to quickly select from it.
Secure Login also brings an interesting feature: it “doesn’t use the login form for sending the login data and therefore gets around malicious JavaScript event handlers”, explains Tschan, which helps prevent cross-site scripting (XSS) attacks used to steal private information or access local files.
By default it adds an item to the Tools menu which, fortunately can be disabled from the extension options and it can also be configured to play the sound of your choice when credentials are detected. An excellent extension.
Mozilla Add-ons is currently closed for updates as they upgrade it so the version available there is not current. For the the latest version (reviewed here), visit the developer’s web site.
Usefulness: 5/5 - Features: 5/5 - Usability: 5/5
Update: Thanks to Sebastian Tschan for the clarifications.
Subscribe RSS
Subscribe email
March 7th, 2007 at 11:32 pm
The Remora (next version of AMO) DevCP is now accessible at http://preview.addons.mozilla.org/
Once the developer has uploaded the latest version there, it will be available from http://preview.addons.mozilla.org/en-US/firefox/addon/4429
[Reply]
March 8th, 2007 at 9:02 am
FYI: XSS is the righ, commonly used abbr. for Cross Site Scripting.
[Reply]
March 8th, 2007 at 2:19 pm
funTomas, indeed, I was sleepy. Thanks!
[Reply]
March 14th, 2007 at 2:15 pm
Thanks for your article.
Just a few corrections:
- My name is spelled “Sebastian Tschan”.
- The keyboard shortcut (ALT+N) can be changed since version 0.6.2
- The “JavaScript protection on login” option doesn’t disable JavaScript temporarily, it just doesn’t use the login form for sending the login data and therefore gets around malicious JavaScript event handlers
I already uploaded the newest Secure Login version (currently 0.7.1) to the new developers control panel (preview.addons.org), but they have a new concept called “sandbox” and therefore the new version so far isn’t public.
Greetings,
Sebastian
[Reply]
March 14th, 2007 at 2:34 pm
Sebastian: Thanks for the clarifications. Updated.
[Reply]
January 19th, 2008 at 1:52 pm
How do I enable auto fill for my e-mail addresses?
[Reply]