Comment Re:Better password manager needed (Score 1) 140
People need to use the browser's password manager to avoid remembering or entering any passwords. There is no reason to keep it in your head when your computer is perfectly capable of doing it.
The problem with the current implementation is that you still have to enter the master password every time you start the browser, which leads most people to just not set one, which leads to the passwords being stored on the disk unencrypted and easily stolen.
The solution we need is to integrate authentication for the password manager with the login process. Store the passwords in an encrypted file, with the account password as the key. A password daemon, like ssh-agent, running as root can securely load and decrypt your password file at login time. It will remain inaccessible except through a specific interface. The interface can authenticate the calling application by using socket credentials passing and allow the user to explicitly let the Firefox password manager (which will have to be a separate process and executable for this purpose) access the passwords.
This way the passwords are not accessible to any remote threat and are encrypted on disk to thwart any local threats. The user never has to enter any passwords except at login. Convenience and security.
They already have this - it's called Keychain on Mac OS X
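The socket-credential check proposed in the first comment, as an added example that is not code from the thread or from any existing password manager: on Linux, a daemon can ask the kernel who is on the other end of a Unix socket with `SO_PEERCRED` and then compare the caller's executable against an allow list. The function names and the helper path are hypothetical.

```python
import os
import socket
import struct

# Hypothetical path of the separate password-manager helper executable.
HYPOTHETICAL_HELPER = "/usr/lib/firefox/password-helper"

UCRED = "iII"  # struct ucred on Linux: pid_t pid, uid_t uid, gid_t gid


def peer_credentials(conn):
    """Return (pid, uid, gid) recorded by the kernel for the socket's peer."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(UCRED))
    return struct.unpack(UCRED, raw)


def authorize(conn, owner_uid, allowed_exes):
    """Decide whether the peer may read owner_uid's passwords.

    Returns (True, exe_path) or (False, reason). The credentials come from
    the kernel, so the client cannot forge them by sending different values.
    """
    pid, uid, _gid = peer_credentials(conn)
    if uid != owner_uid:
        return False, "uid mismatch"
    try:
        # Caveat: a pid can be reused between connect and this lookup, and
        # the path says nothing about code injected into that process.
        exe = os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return False, "cannot resolve executable"
    if exe not in allowed_exes:
        return False, "executable not on allow list"
    return True, exe


if __name__ == "__main__":
    # Constructed demo: both ends of a socketpair belong to this process.
    daemon_end, client_end = socket.socketpair(socket.AF_UNIX)
    me = os.readlink("/proc/self/exe")
    print(authorize(daemon_end, os.getuid(), {me}))
    print(authorize(daemon_end, os.getuid(), {HYPOTHETICAL_HELPER}))
```

The check ties access to a uid and an executable path; a process running as the same user that can tamper with the allowed executable or its memory would still pass it.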