I’m just scared that they’re saved with reversible encryption on the disk, then malware could steal them
I recommend a password manager like Bitwarden, it has a great Firefox extension and it’s very secure.
I self host vault warden, and the card auto-fill works ~70% of the time, and about half of those, the security code or the expiration doesn’t work. EBay is the first one that comes to mind. I know it’s the websites not following standards or conventions. It happens often enough that I remember the dates and codes now because I end up having to fill them in so often.
Protip: if a field doesn’t populate, right click on it, then choose “copy name for bitwarden” (or something like that, not using FF in English), then add a custom field in the CC entry in bitwarden using that name in the clipboard. From now on on that specific page it will work
I actually didn’t know that. Thanks for the tip!
I’ve done that, the js or whatever overwrites it on eBay
I never had any issues with it
It seems really bad at filling CC info though. Like, I don’t think it works at all. I always need to copy the number separately.
I still use it but it is annoying.
Its less annoying than having to get up to get my wallet
Oh definitely, which is why I use it.
Not for me. It works every time. Even on pages that disable pasting into the CC box, the BitWarden extension can still fill it in.
Huh, weird that I seem to have ao much issues with it. Could be due to mostly ordering from Finnish sites and the fields are often in Finnish.
I trust it enough to use the feature, but I’ve got separate cards for online and in-person purchases. The online card is temporarily disabled in my bank app, and I only unblock it when I intend to use it. Takes like 30 seconds extra.
The in-person card is permanently unlocked for NFC and regular store transactions, but region locked to the country where I’m currently at, and transactions over $30 require the PIN.
Are you in the EU?
I’m an EU citizen and my cards are issued in the EU, but I live in Asia.
Which Bank? The one I use sucks ( financially and IT-sec wise)
DKB, the credit card for online purchases and the debit card for in person stuff. The app allows quite some micromanagement for card permissions.
On top of it I’ve got an account with wise.com where I can generate virtual cards, I do that frequently when traveling abroad to sign up for local taxi apps and other services I’ll never use again, then delete the card once I’m done.
And as an ultimate backup I’ve got an N26 account, just in case someone only accepts MasterCard. I don’t trust them one bit though and only carry a balance of 150 EUR or so on the card and top it up only when it’s exhausted.
Are you happy with DKB and Wise in all other ways?
Yep, been using both of them for ages. DKB for 20 years now, wise for almost 10. Never had a reason to complain, except for DKB as a broker, they are just way too expensive.
Out of curiosity, would it not take less than 30 seconds to type your CC numbers in online each time? I mean the month and ?ccv are easily memorable
It being blocked still helps protect them if the card number gets snatched during a transaction. By the time the scammers are ready to use the card numbers, the card would be locked.
Nice, I like it!
Yeah sure, but a keylogger could read it at any time then, while cracking the locally saved card is more complex. And locking the card down unless explicitly needed also means that even if my card card does get compromised, it can’t be used of very narrow and random windows, adding a nice layer of security.
Please don’t save stuff in your browser. It’s very easy to rip those passwords and logins. If you must, keep it in a proper password manager like bitwarden or keepass.
How about when using a primary password?
Doesn’t matter, can be bypassed on both firefox and chrome.
Just checked it, it doesn’t seem to be the case
When you save website passwords, the Primary Password feature encrypts them before storing them on your computer
Chrome passwords are free for the taking though
More likely to be stolen in person at your local coffee shop
If it’s a credit card then you should have pretty decent protection against fraud from the credit card company. I’ve had my card details stolen a few times (though never directly from my browser) and each time the credit card company has identified the fraud and reached out to me within minutes.
Now if it’s a debit card, you should NEVER put those numbers into a computer. I only ever use my debit card to access the ATM, and even that is rare.
Sounds like a very US specific answer. In EU I only have a debit card and sometimes I have a hard time using it even myself because I need to pass 2fa and sometimes even that isn’t enough if I’m on a new browser
Credit cards work the same everywhere*, it’s not US-specific. My debit card actually only has my bank account number on it (but I think that actually is a Germany-only thing with our Girocards), so paying for stuff online is just a normal bank transfer, where yeah you do have to pass the bank’s 2FA (unless it’s via SEPA direct debit).
* mostly, my card requires me to confirm some charges in a special phone app, I don’t think that’s a thing everywhere since it’s also fairly recent
This is on account of the concept of SCA (Strong Customer Authentication) from PSD2 (Payment Services Directive), an EU-regulation.
That’s only true for debit cards that aren’t backed by master card or visa. When you use your debit card that is online, it’s run as a credit card and has the same fraud protections.
I don’t use debit cards anywhere for this exact reason. Don’t even have one. When I have in the past, I’ve had the card linked to a seperate bank account with a small balance and no overdraft protection to limit damage. What I’d found though is that even when you tell the bank not to enable overdraft protection, they conveniently forget that and it stays possible to overdraft your account and get hit with fees,
I do the same strategy for crypto wallets, there’s only a small amount in my browser wallet so that if somebody gets it, they can’t steal much. From there you can have varying degrees of storage security for larger amounts: multi-sig so you have to sign transactions using multiple devices, hardware wallets, and cold storage.
I see all these articles about people getting thousands of dollars stolen from their crypto wallet and I’m like, you put $3,000 on the same computer you play Zombie Run 4 on? Knowing there was no fraud protection? And that a hardware wallet costs $100? Or that multi-sig is free? If you are storing that much in crypto, you need to either educate yourself on safe storage or use a custodian you can trust (exchange, multi-sig with family member, etc) who can.
I don’t even trust Steam, let alone Mozilla. I don’t think I’ve ever had any credit card auto-fill on any browser I’ve ever had
I simply use my credit card number for my password on every site. it makes it so much easier to remember both. back in the day i would use my social security number. thanks to that simple trick, i never get robocalls or spam and i’ve been removed from most mailing lists because no one will ever issue credit or do business of any kind with me. a hacker stole my identity once and my credit score quadrupled. he even gave my identity back a week later!
You joke but back in the 90s when I first used the internet in the library I had to choose a password for the email. And the requirements were weird. Needs to be an exact length, letters, numbers, and so on. Then I realized my country SSN was a perfect match with the requirements! “Wow that’s perfect, so I gonna use that as a password, nobody gonna guess that” - the naïve boy thought. Of course it was hacked by some other classmate that got the same conclusion and I realized that it wasn’t that perfect and that almost everyone had the same idea due to the strict exact length requirements. (SSN in my country can be easily found again if you know name and DOB)
With credit cards any fraud is the responsibility of the credit card processor not the individual. So the risk isn’t on your side.
I do trust it well enough, but I don’t use it.
For starters, I don’t want it to be too easy to spend money. If I want something, I should want it enough to pull my card out and type the number again.
Second, the auto-fill often doesn’t work perfectly, so you need the card anyway.
Third, there’s the slim chance it could be hacked. So why even take that chance when the only benefit is convenience
The number being somewhere on your computer isn’t something I’d worry about. The real risk is from a liberal autocomplete that might throw it into website forms where you don’t want it to be, including hidden ones. Maybe there are protections in place since I last let Firefox save anything like this, but it used to try pasting address and CC info whenever it could.
No, i use keepass and coppy/paste like the other commenter
I don’t trust saving my CC numbers anywhere. And considering how many times retailers have been hacked and had that kind of information stolen I wish it were law that no one could save them.
If Firefox can read it from disk without a password, any other program running as your user can read it from disk without a password. But to prevent this you can encrypt your Firefox profile with a password.
No. If I want my CC number I just……look at my CC
Absolutely not.
