Strengthen Firefox autofill feature

By default, Firefox automatically fills out usernames and passwords you have entered in a login form before. Though it is nice and speeds things up, it has also proved to be a security weakness due to how Firefox identifies a login form.

Secure Login, a Firefox extension developed by Sebastian Tschan, solves this problem and adds a couple of new tricks to password retrieval. First it deactivates autofilling and adds a status bar icon (or toolbar button) that lights on when it detects there are credentials available for the web site.

Press Alt + N (the hotkey can be customized as well), or click on the status bar icon or the toolbar button and credentials are filled out and the form is automatically submitted saving one click in the process. If more than one credential is available, a list is prompted to quickly select from it.

Secure Login also brings an interesting feature: it “doesn’t use the login form for sending the login data and therefore gets around malicious JavaScript event handlers”, explains  Tschan, which helps prevent cross-site scripting (XSS) attacks used to steal private information or access local files.

By default it adds an item to the Tools menu which, fortunately can be disabled from the extension options and it can also be configured to play the sound of your choice when credentials are detected. An excellent extension.

Mozilla Add-ons is currently closed for updates as they upgrade it so the version available there is not current. For the the latest version (reviewed here), visit the developer’s web site.

Vote for this review

Usefulness: 5/5 – Features: 5/5 – Usability: 5/5

Update: Thanks to Sebastian Tschan for the clarifications.