Master Password
-
leocg Moderator Volunteer last edited by
My OS account? You mean Windows or Opera account?
OS means Operating System, so the answer is Windows.
Opera fills stores passwords and does not require any action before
But people will not be able to see your password without your Windows password.
Whoever opens Opera, in the same windows session, has access to all accounts
Well, if someone manage to get access to your computer and also to your user, then your security and privacy is already compromised.
-
maxzanna last edited by
I know what "SO" mean but my object was OPERA and I tried to make sense your answer. How I said, it was not the same thing. OS password could be not too strong but instead could be Browser Master Pw, moreover You could have to use single User Session (for many reason) in sharing position, so you can use Opera and other\s could be use Firefox or IE, also you don't take into consideration portable version.
-
magogam last edited by
I agree with maxzanna.
For any reason, if someone access your computer, even if you are not logged in Opera, so it can access all your personal web content (email...bank account...opera accoount...). A master password, like in Opera 12, could be a good security tool. -
declpi last edited by
Opera uses the OS credentials to encrypt saved passwords, this is what i was trying to say.
Does this mean that if I use Opera at my USB drive - as a portable browser - and someone finds this drive he can not see all my websites unlocked by cookies if he does not use the same OS-account as I used when I logged into that web pages?
-
leocg Moderator Volunteer last edited by
Does this mean that if I use Opera at my USB drive - as a portable browser - and someone finds this drive he can not see all my websites unlocked by cookies
It means that no one will be able to see your passwords without knowingknowing the OS password.
However, everyone will be able to use your Opera and see your browsing history, use your saved passwords and so on. -
declpi last edited by
However, everyone will be able to use your Opera and see your browsing history, use your saved passwords and so on.
Isn't this an argument to reintroduce a master password setting possibility as Opera had years before?
I'm using Opera as my standard browser since 2004, nowadays I am using Opera mainly as a portable browser within the PortableApps platform and I worry someone finding it and using it in a malicious way. What can be done easily, as you confirmed. With a master password protection I would feel definitely safer!
I found one extension with this feature, but it still has some security gaps.
Please consider my arguments for introducing a master password setting in the default Opera release.
Thank you. -
leocg Moderator Volunteer last edited by
Isn't this an argument to reintroduce a master password setting possibility as Opera had years before?
Why implement a master password or any other security measure for every single software on your computer when you can only crate an user and a password to access the computer/OS and protect all (or almost all) the info in the computer?
I am using Opera mainly as a portable browser within the PortableApps platform and I worry someone finding it and using it in a malicious way.
If any data in a pen-drive is so important that it should not be accessed by others, then it should be encrypted. And there are many ways to do it.
-
declpi last edited by
If any data in a pen-drive is so important that it should not be accessed by others, then it should be encrypted. And there are many ways to do it.
Right! Can you tell me one that does not need admit rights to be executed? TrueCrypt and VeraCrypt need admin rights on the OS-account. But some accounts where I use my pen-drive do not give me admin rights. How do you think can your suggestion be managed there in an easy and secure way?
Let me correct a wrong information: your password couldn't be used because the file for stored passwords would not work in a different computer other than the one it was created.
This is a really great feature! Much better then implementing a master password for each software! Why do you not apply this method to all other sensitive information stored in Opera? Such as settings, open tabs, bookmarks, history, ... And then create one container for each OS-account we use this edition of Opera on. Opera could then always use the right container for the OS-account we use it at the moment.
-
leocg Moderator Volunteer last edited by
Can you tell me one that does not need admit rights to be executed?
Sorry, i don't use any so i can't recommend any. However i think it shouldn't depend on someone else's account to work.
Why do you not apply this method to all other sensitive information stored in Opera? Such as settings, open tabs, bookmarks, history, ..
Why such info should be considered sensitive?
-
blackbird71 last edited by
...
This is a really great feature! Much better then implementing a master password for each software! Why do you not apply this method to all other sensitive information stored in Opera? Such as settings, open tabs, bookmarks, history, ...Everything that's stored in encrypted form requires decryption before it can be used. It's one kind of system impact to do that for passwords at individual site log-ins, and another to do it constantly for each frequently-accessed browser file involving open tabs, bookmarks, and history which involve frequent read/writes. Moreover, the added complexity adds a lot more potential failure points when bad things happen to good files and processes.
-
A Former User last edited by
i have same problem.i cant save my some pasword in pc that i use in workplace.i wish opera add master pasword in future.
-
declpi last edited by
@ blackbird71 (1)
Everything that's stored in encrypted form requires decryption before it can be used. It's one kind of system impact to do that for passwords at individual site log-ins, and another to do it constantly for each frequently-accessed browser file involving open tabs, bookmarks, and history which involve frequent read/writes.
On the fly encryption and decryption is nowadays no speed or resource problem. You can do this with huge drives and thousands of GB data reading and writing without loss of speed in comparison with non encrypted files.
@ blackbird71 (2)
Moreover, the added complexity adds a lot more potential failure points when bad things happen to good files and processes.
Storing each Opera-OS-account in another folder does not add much complexity. The only challenge is to store each OS-account passwords, settings, bookmarks, open tabs and history in his own folder, as it is done now in only one folder. If this is the problem I wonder how you managed to get Opera to work at all.
@ leocg (1)
Sorry, i don't use any [encrypted pen-drive] so i can't recommend any. However i think it shouldn't depend on someone else's account to work.
But it depends. It is impossible to mount a drive letter without admin rights on Windows by design. Unless you previously installed the appropriate TrueCrypt/VeraCrypt driver, which would require admin rights at that point. Your proposal is well-intentioned leocg, but unfortunately impracticable.
@ leocg (2)
Why such info [settings, open tabs, bookmarks, history, ...] should be considered sensitive?
- settings I consider confidential because I don't want someone to see my Autofill settings, or a malicious person to modify my settings. Especially the SSL Zertificates.
- open tabs, bookmarks and the history I consider confidential because I don't want my employer, my parents, my children, my wife, my friends or someone else see all the kind of sites I visited and at what time over the last years. They may draw the wrong conclusions about me from that.
So why not apply your password method to this information as well and additionally create one container for each OS-account we use Opera on?
-
A Former User last edited by
I'm new to Opera (using 38.0.2220.41), having just changed from FireFox.
The Opera Help site (http://help.opera.com/Windows/9.51/en/security.html) says that I can set a master password by going to Settings, Advanced, choosing Security and then Set Master Password.
Just a few problems with those instructions. There is no Advanced. Security is in Basic (and Basic is all there is). And there is no Set Master Password.
Is there a problem with my Opera installation? Or is the Help page incorrect? I want to set a master password, I don't want a debate about security or advice on what other people think I need.
Can a master password be set in Opera 38.0.2220.41, and if so, how?
-
leocg Moderator Volunteer last edited by
The Opera Help site
Those are instructions for Opera 9.51 as the page address shows.
Tip: To go to a software help page, you do it from inside the program by pressing F1 or using the menu.
Can a master password be set in Opera 38.0.2220.41, and if so, how?
No, you can't.
-
knozzers last edited by
I think Opera needs desperately a Master password in case of the OS being hijacked.
That can happen if a Laptop is stolen or someone manages somehow to access the computer by overriding the OS password(s).
There are several methods to gain access to a locked Windows-PC. It seems that only an encrypted harddisk (via Bitlocker or such) is safe, but not everybody does that procedure for some reasons.
I understand from the previous posts, that Opera uses the same password as Windows, or the active user account.
With tools like Bart PE one can reset any User account password on a Windows system harddisk, except for those in a network domain (but maybe even some of them, because they have to be stored locally for offline access).
If I understood it right, Opera will follow any changes of the password, so, a thief or someone who can secretly boot the computer with such a tool and then, after resetting the passwords and logging in, can access all Opera passwords.
It's basically a simple "net user" command as an Administrator.
I may sound a bit paranoid, but Laptops are often stolen or even forgotten/lost.
Since there is a growing demand for passwords, accounts and such, if one of my laptops would end in other hands (without my consent), I would have endless work to do, to change those passwords.
On the other hand, not storing them, is not an option (any more). I would need a special app on my phone or on a separate pda to manage them, and I would soon be busy with entering Username and passwords.