|
Title: Would you save your Mt.Gox password in Safari v5.1? Post by: toffoo on August 06, 2011, 03:32:58 AM I'm looking for someone who knows what they're talking about when it comes to Internet security in general and Mac OS X Lion in particular to help me out with some advice here: Since Mt.Gox's re-opening, I have started using a complex, un-memorizable, and barely typable new password. Since their security issues, it seems like they have also shortened the idle time after which they log you out to some unbearably short few minutes and it is driving me absolutely crazy trying to re-login with this password what seems like 50 times a day. I recently upgraded my Mac to Lion and Safari v5.1 and I noticed a new feature where it offers to save your passwords to secured websites. (Yes, I realize other browsers have offered this for ages, in fact I think older Safari did as well, but it looks like this has been reimplemented in v5.1 to actually store the password in Keychain.) I have a fairly rudimentary understanding of Mac OS and Safari internals, but I believe that Keychain is considered quite secure. However, with all the shenanigans around with Mt.Gox accounts getting hacked and Bitcoins getting stolen, I'm a bit nervous about storing this password right in my browser. Would you? Title: Re: Would you save your Mt.Gox password in Safari v5.1? Post by: Blackout on August 06, 2011, 03:37:17 AM If at all possible don't do the auto save password thing on anything but the most non important sites...... and don't use the same password or same style of passwords.
Yeah it gets annoying remembering all your passwords... but I certainly wouldn't save a bank or bitcoin or any important password in the 'browser remember password' thing. That's asking for a 3rd party virus thingy to come along and take it. Title: Re: Would you save your Mt.Gox password in Safari v5.1? Post by: ctoon6 on August 06, 2011, 03:01:00 PM i personally would not take anything made by apple, or Microsoft for that matter as secure. safari is one of the least secure browsers you can get, and lately a lot of exploits have been found on simple things like laptop batteries lawl.
Title: Re: Would you save your Mt.Gox password in Safari v5.1? Post by: thinkingBTC on August 06, 2011, 05:10:30 PM I use a lastpass/yubikey(yubico.com) for master password to log in LastPass, and use the lastpass plugin for your browser (plus a yubikey from mtgox) to log into your Mt.Gox account.
Title: Re: Would you save your Mt.Gox password in Safari v5.1? Post by: toffoo on August 09, 2011, 07:03:11 PM FYI: He put a new option on the settings page last night where you can now set the amount of idle time after which you get logged out, up to 2hrs:
https://mtgox.com/users/settings?page=settings So now figuring out how to save my password in a secure way isn't such an urgent issue anymore. Title: Re: Would you save your Mt.Gox password in Safari v5.1? Post by: nmat on August 09, 2011, 08:34:28 PM This forum is getting filled with crap. None of the answers was related to your question.
I don't know about the recent Safari improvements (haven't tried Lion yet) so I can't confirm that it uses Keychain. If Safari does store the password on Keychain, it is as secure as your Keychain password is. The MtGox password won't be stored in plaintext (like it happens with other browsers) and the only attack possible is to brute force your Keychain file, which is a painfully slow task if you choose a good pass. So the answer is yes, I would save MtGox's password on my personal Mac with a good Keychain password. It is encrypted and I don't think someone could easily access my Keychain file anyway. |