Well, it's true and not true. Random people on the Internet or tricky site programmers can't get to your password archive -- which only exists if you've told Firefox to remember your passwords in the first place -- but anyone who can spend two minutes on your computer (or laptop!) can indeed view and even print your entire set of saved account and password pairs. Scary!

Let me show you how it's done, then I'll let my friend Patrick Crispin of Internet Tourbus fame talk about the different possible solutions to this problem.

Start up Firefox and go into the Options or Preferences area. It turns out that both the Mac and Windows versions of the program have the same problem too. Once in the Options area, click on the Privacy icon along the top, then the Passwords tab and you'll see this:

Notice that I have "Remember Passwords" checked: if yours is unchecked, then you should be in the clear with nothing to worry about.

Next, click on the View Saved Passwords button and you'll see:

So far it's a bit invasive in that you can now see the sites I visit and have accounts at, including my username. But notice the button at the bottom: Show Passwords. Click on that and a new column shows up in the window, with the password for each and every site shown in "cleartext", easily copied, memorized or printed for anyone who can get to it.

Let me hand the virtual "talking stick" over to Patrick Crispen now for his commentary and suggested solutions:

Should you panic? Nah. Unless you share your computer with others, the only way someone is going to be able to view your saved web passwords is if that person has access to your computer. If you have a firewall on your computer and lock your home's front door when you leave, your saved web passwords are pretty safe.

Of course, that's just my opinion. Let me add that if you share your computer with others, or if you just want to make absolutely sure your saved web passwords are significantly safer, you have three options:

1. "Throw the baby out with the bathwater": Disable the "Remember Passwords" feature in Firefox so that the program never remembers any of your web passwords.
2. "Lock down Firefox": Create a new, master password that automatically locks all of your passwords from snoops.
3. "Lock down your computer": Use your computer's user accounts feature along with a screensaver password to require everyone whose uses your computer to login.

In my humble [controversial] opinion, the last option is the best. It solves not only the Firefox saved password security problem but also a host of other security issues, but hopefully you're already doing that, so let's focus on the first two instead:

Disable Remember Passwords

If you want to permanently disable Firefox's "Remember Passwords" Feature [which I don't recommend, but that's just me],

1. Go to Tools > Options > Privacy
2. Click on the + sign next to the words "Saved Passwords" or, in newer versions of Firefox, click on the "Passwords" tab.
3. Click on the "View Saved Passwords" button.
4. Click on the "Remove All" button. [To the Firefox gurus out there: Yes, you can do the same thing in "Clear Private Data." But you still have to go to the Passwords tab to disable "Remember Passwords." I just figured we'd take the direct route.]
5. Click on the "Close" button.
6. Uncheck "Remember Passwords."
7. Click on the "OK" button.

Doing this clears all of your old web passwords and prevents Firefox from remembering any new web passwords in the future.

Set a Master Password

Another way to lock down Firefox is to set a "Master" password. This is a special password Firefox asks you to key in once per session. Key in the correct master password and Firefox works just like it used to work by auto-filling your saved usernames and passwords on your favorite sign-in pages. Key in an incorrect master password, however, and Firefox automatically blocks your saved usernames and passwords from displaying. Sign in pages will still load, but the username and password boxes will be blank.

To set a master password,

1. Go to Tools > Options > Privacy
2. Click on the + sign next to the words "Saved Passwords" or, in newer versions of Firefox, click on the "Passwords" tab.
3. Click on the "Set Master Password" button.
4. Key in a new "master" password.
5. Click on OK.

Thanks, Patrick, for your clear commentary on these options. This material was also originally published in the Internet Tourbus and please note that no squirrels were harmed in the writing of this blog entry.