One login and one password to store and protect all your Web logins and passwords, securely available securely from any Firefox navigator on the Internet.
What is FireWebSSO?
FireWebSSO is a Single Sign-On (SSO) addon for Firefox 2.0/3.5 and Seamonkey that allows you to store and use securely, logins and passwords (secondary logins/passwords) for various Web applications.
- Primary login/password (Master Password) to identify the user and associate the secondary logins.
- Secure remote storage of user's secondary login/password in a secure server with full confidentiality.
- Data are encrypted by the navigator's addon (AES-256); consequently the server has no access to user's data.
- The server has no access to :
- Master Password (only a SHA-2 HASH is stored).
- Web sites you access
- Logins and passwords you use
- Descriptions or any notes you add to your sites or bookmarks
- anything else ...
- Detection of login forms and firefox authentication dialog box.
- Direct authenticated site access, site management and organization, multiple login/password, ...
- Store securely plain-text notes (for example your non-web credentials).
- Store securely bookmarks.
- Import logins/passwords from the firefox password manager.
- Export localy your logins/passwords.
- Access all of your informations securely from any Firefox navigator, anywhere.
- No more remember your secondary passwords.
- Automate you favorite sites openning and authentications.
- Passwords generator based on character set constraints.
- The recorded and stored passwords in FireWebSSO are handled separatly than the built-in password manager. And both password manager can be used simultaneously.
- The recorded sites and bookmarks are independent from the bookmark manager of the navigators. Both boomarks can be used at any time. There is a true separation between the sites handled by FireWebSSO and the bookmarks handled localy by the navigator.
- No information is stored on the navigator's file system, no file is read or written by FireWebSSO. And no information is leaved on the navigator's host after a deconnexion or a navigator closure.
FireWebSSO can be seen as a extended secure remote password manager for Firefox. The Firefox addon and the server parts are available for download. You can build your own private and secure Single Sign On server or use the public one.
Why developping a new password manager ?
The main reasons are :
- I want to use my web login/password anywhere from any Firefox navigator without duplicating it. From my home or from my job, without carrying a password database.
- I do not want to lose again my password database when my system crashed without remembering even my login on Flickr!
- I only want to record login and password associated to URLs and not a bunch of unuseful information.
- I want an auto-fill, auto-login, direct access to the URLs I used the most (the authenticated ones).
- I want a unique strong password and a good encryption of my important information.
- I want to save information as plain text (my home alarm code, the login/password I used in my favorite MMORPG ,...).
- I didn't find out an existing plugin with the features I need.
- I don't want to have the same identity/login/password/personal info on any Web servers I used. I want to keep my different identities private and I don't want to give away my login/password.
What does FireWebSSO do that Firefox and its plugins doesn't already do ?
- Provide a point and click forms-capture.
- Fills forms and authentication dialog windows with auto submission, all at once.
- Let you select between multiple authentication for the same URL.
- Strong encryption of your password database on a remote server.
- Clean deconnection with session-cookie removals.
- Direct access to authenticated URL with the good login/password (even to web server with multiple accounts).
What does it cost ?
The addon is free, under MPL, see license.
The password manager secure server is free under GPL, see license.
You may deploy your own private server, or use the public server. The public server is limited to 1000 managed sites for each user. And you are encouraged to use the donate link, as the fund received are mainly used to maintain the public server online.
What about OpenId ?
OpenId is a good technical answer to the problem of management of your identities. But personaly I don't want to have the same identity on each web services.
I'd rather have multiple accounts referencing multiple email addresses (and avoid spam flooding from some sites) and manage independently all my logins/passwords/identity.
FireWebSSO is an answer to the "Identity Federation" problem, in using one master login to access all of your logins/passwords. FireWebSSO just does Single Sign-On (SSO), do you really need more ?