Save your passwords with Mozilla’s Weave
published: July 1st, 2008
partners:
Save all your passwords and session identifiers in the cloud with Mozilla’s Weave. What do you think about that?
Now this is not entirely unique feature to Mozilla only. We’ve seen the same trend with Microsoft’s Live Mesh and I suspect that Adobe and Yahoo are currently working on their own clones. These types of technologies totally change the rules of the game. Now picture this: what if your corporate employee uses the same password for their flickr account as their VPN/Email logon? Hack the cloud, get the goodies!
comments
Pshaw, no one uses the same password for their social networking account as their VPN account ;-)
I hope not. :) I was speaking figuratively…
Wouldn’t surprise me if many do!
word!
you have no idea ;) this is not to underestimate.
i.e. students using VPN to connect to their university which is pretty common nowadays
etc etc
What a nice single point of compromission for dummy users… and others ;-D
Er, doesn’t Weave store everything encrypted on the server?
Not to say that the user’s machine could not be compromised and the key discovered, but if that happens then local data is compromised too.
This does open up the possibility for mass compromise if there is some kind of weakness in the encryption algorithm, key strength, etc. though I suppose.
Robert is correct; everything on the server is encrypted with your passphrase, so that even Mozilla’s server admins don’t know what you’re storing, and this is in addition to yet another password that protects access to the encrypted data.
You can learn more about the technology behind it here:
http://www.toolness.com/wp/?p=41