firefox sync! (add-on)
Aug 1, 2010 | 6:39 pm
#16
Join Date: Feb 1999
Location: San Jose, California, USA
Programs: AS Plat, UA MM, AA MM, IC Plat, Marriott Gold, Hilton Gold, Hyatt Globalist
Posts: 3,167
Not a silly question at all. As with services like Yodlee, the passwords are stored on central servers outside of your direct control, so you have to trust the company you send these to. You'll have to determine for yourself whether the benefits of xmarks or ffsync outweigh the potential security concerns.
Aug 1, 2010 | 6:41 pm
#17
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,771
May be a silly question but where is all the data that is synched stored? If it is not resident on your computer over which you have control is it not a HUGE potential security breach to store passwords elsewhere?
Hoping I am misunderstanding.......
Thanks in advance from a "just had my first cup of coffee for the day" Mike
Hoping I am misunderstanding.......
Thanks in advance from a "just had my first cup of coffee for the day" Mike
This is what they say:
To encrypt your passwords, Xmarks uses the current state of the art AES 256-bit encryption algorithm. AES is a United States government standard and is recommended by National Security Adminstration (NSA) for encrypting classified information. See the AES Wikipedia entry for more details.
AES works by taking data that needs to be encrypted along with a secret PIN of your choosing, and then produces an encrypted result. It is strong enough to virtually guarantee that your encrypted data cannot be decrypted by a third-party, not even Xmarks. The biggest point of weakness is in the strength of the secret PIN that you choose. Xmarks recommends that you choose a PIN that is difficult to guess and contains a wide variety of different characters and numbers.
AES works by taking data that needs to be encrypted along with a secret PIN of your choosing, and then produces an encrypted result. It is strong enough to virtually guarantee that your encrypted data cannot be decrypted by a third-party, not even Xmarks. The biggest point of weakness is in the strength of the secret PIN that you choose. Xmarks recommends that you choose a PIN that is difficult to guess and contains a wide variety of different characters and numbers.
Aug 1, 2010 | 7:24 pm
#19
Original Member
Join Date: May 1998
Location: Tokyo, Japan (or Vienna whenever possible)
Posts: 6,977
Thank you all for the information.
Sounds like it boils down to a judgment call with the general wisdom being that a well selected PIN gives about as much security as one could reasonably expect or need.
Seems a good system and I will have a think about it and my own needs. Really appreciate the timely and complete answers though. ^^
Sounds like it boils down to a judgment call with the general wisdom being that a well selected PIN gives about as much security as one could reasonably expect or need.
Seems a good system and I will have a think about it and my own needs. Really appreciate the timely and complete answers though. ^^
Aug 1, 2010 | 11:38 pm
#21
Original Poster
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,708
They discuss security on the 2nd link on the OP.
Similar to xmarks, firefox sync uses a passphrase to encrypt your data locally. The data passphrase is not stored in the cloud.
It's not a PIN or a password, it's a passphrase, like a sentence or multiple words.
-David
Similar to xmarks, firefox sync uses a passphrase to encrypt your data locally. The data passphrase is not stored in the cloud.
It's not a PIN or a password, it's a passphrase, like a sentence or multiple words.
-David
Last edited by LIH Prem; Aug 1, 2010 at 11:45 pm
Oct 18, 2010 | 4:05 am
#22
Join Date: Sep 2005
Location: New York
Programs: UA, Starwood, Marriott, Hyatt. RewardsNetwork dining.
Posts: 210
Almost end of the road for XMarks?
Last month, XMarks announced that they were going to take their shingle down. So many browsers developing their own syncing, that it could not be profitable for the company to continue. (See "End of the Road for XMarks" or use search engine to query XMarks ending.)
Now they changed their mind; a larger company will absorb them, or it could become a premium service; many users said they were willing to pay $. (See XMarks Victory for the Users.)
Now they changed their mind; a larger company will absorb them, or it could become a premium service; many users said they were willing to pay $. (See XMarks Victory for the Users.)
Oct 20, 2010 | 9:31 pm
#23
Join Date: Feb 2004
Location: Washington, DC USA
Programs: UA; Amtrak
Posts: 2,002