this post was submitted on 10 Feb 2024
97 points (96.2% liked)

Firefox

17938 readers
23 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 

I'm just scared that they're saved with reversible encryption on the disk, then malware could steal them

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 19 points 9 months ago (3 children)

If it's a credit card then you should have pretty decent protection against fraud from the credit card company. I've had my card details stolen a few times (though never directly from my browser) and each time the credit card company has identified the fraud and reached out to me within minutes.

Now if it's a debit card, you should NEVER put those numbers into a computer. I only ever use my debit card to access the ATM, and even that is rare.

[–] [email protected] 14 points 9 months ago (2 children)

Sounds like a very US specific answer. In EU I only have a debit card and sometimes I have a hard time using it even myself because I need to pass 2fa and sometimes even that isn't enough if I'm on a new browser

[–] [email protected] 4 points 9 months ago

Credit cards work the same everywhere*, it's not US-specific. My debit card actually only has my bank account number on it (but I think that actually is a Germany-only thing with our Girocards), so paying for stuff online is just a normal bank transfer, where yeah you do have to pass the bank's 2FA (unless it's via SEPA direct debit).

* mostly, my card requires me to confirm some charges in a special phone app, I don't think that's a thing everywhere since it's also fairly recent

[–] [email protected] 2 points 9 months ago

This is on account of the concept of SCA (Strong Customer Authentication) from PSD2 (Payment Services Directive), an EU-regulation.

[–] [email protected] 7 points 9 months ago

That's only true for debit cards that aren't backed by master card or visa. When you use your debit card that is online, it's run as a credit card and has the same fraud protections.

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago)

I don't use debit cards anywhere for this exact reason. Don't even have one. When I have in the past, I've had the card linked to a seperate bank account with a small balance and no overdraft protection to limit damage. What I'd found though is that even when you tell the bank not to enable overdraft protection, they conveniently forget that and it stays possible to overdraft your account and get hit with fees,

I do the same strategy for crypto wallets, there's only a small amount in my browser wallet so that if somebody gets it, they can't steal much. From there you can have varying degrees of storage security for larger amounts: multi-sig so you have to sign transactions using multiple devices, hardware wallets, and cold storage.

I see all these articles about people getting thousands of dollars stolen from their crypto wallet and I'm like, you put $3,000 on the same computer you play Zombie Run 4 on? Knowing there was no fraud protection? And that a hardware wallet costs $100? Or that multi-sig is free? If you are storing that much in crypto, you need to either educate yourself on safe storage or use a custodian you can trust (exchange, multi-sig with family member, etc) who can.