tracylamv2，作者 Version 2

How to disable the Firefox password manager

Like other major browsers, Firefox offers a convenient built-in way to store your passwords. It’s beloved by users for being a non-Chromium alternative to the market leader Chrome. However, if you find that Firefox is not the browser for you or want to look into different credential storage methods, you might want to know how to disable the Firefox password manager first.

Today, we’ll cover the process, from exporting your passwords for safekeeping to switching off the password manager on desktop and mobile devices. Then, we’ll see what secure alternatives you can use to store and access your credentials.

Some steps before you turn off the Firefox password manager

Firefox allows users to save login details whenever they log in to a new site. Even if you don’t use the browser’s built-in password manager regularly, this means you may have some of your credentials saved, whether by choice or by accident.

Before disabling the Firefox password manager, you should first see if you have any credentials saved and, if so, which ones. This will let you know if your stored credentials are up-to-date and whether they need to be deleted altogether. If you use a Firefox account, all changes will apply to the devices you’re logged in on via synchronization.

Keep in mind that disabling the built-in password manager won’t automatically clear your storage—if you ever turn it back on, your old data will be easily accessible. That’s not ideal if you don’t plan to use Firefox for your password storage in the future. To be sure that this information is gone for good, you have to delete all stored credentials manually. For more in-depth information on viewing, editing, and deleting your passwords on Firefox, check out our dedicated guide.

That said, if you find valuable information stored in your Firefox password manager, you might want to preserve it before deleting it from the browser. We recommend exporting your saved credentials from Firefox and storing them in a secure location until you can import them to a different password manager.

To export passwords from Firefox, follow these steps:

Click the three lines in the top right corner of the browser and select “Passwords.”
Tap the three dots on the upper right side of the “Passwords” page to open the menu. Then, click “Export passwords.”
You will be warned that your exported credentials will be saved as a non-encrypted, readable file. Select “Continue with Export.”
Choose your preferred location to store the file and click “Export.”

Keep your exported file safe. If you plan to import the credentials to a different password manager, delete the file immediately afterward.

Turning off the Firefox password manager on your device

You can easily control the Firefox password manager settings on both desktop and mobile devices.

On desktop

To disable the Firefox password manager on a Windows or macOS device:

Click the three lines in the top right corner of the browser and select “Passwords.”
Tap the three dots on the upper right side of the “Passwords” page to open the menu. Here, select “Preferences.”
Toggle off the “Ask to Save Passwords” checkbox.

On mobile

To turn off the Firefox password manager on an Android or iOS device:

Tap the three dots (on Android) or three lines (on iOS) and go to “Settings.”
Select “Passwords.”
Under “Save Passwords,” toggle on “Never Save.”

Changing your password manager from Firefox to a third-party provider

With the Firefox password manager switched off and your exported credentials resting on your device, it’s time to consider where your next password storage will be. It’s not a good idea to keep this data out in the open. If anyone got their hands on your device or if you accidentally shared the file with others, your accounts could be compromised.

So, you should find a solution that offers more protection against password leakage—and yes, setting up a spreadsheet file is also out of the question. Another not-to-do item on this list is changing all your passwords to the same one. It might seem like the simplest solution, especially considering that the average person handles nearly 170 passwords. However, if one account gets compromised, the rest might go down with it. Instead, we need to consider a reliable alternative that lets you add variety to your passwords while keeping them secure.

If you’re simply switching browsers, you may be tempted to use its built-in password manager, if it offers one. However, browser-based password managers pale in comparison to third-party providers like NordPass. While Firefox uses AES-256 encryption to protect sensitive data, NordPass has opted for the more advanced XChaCha20—a faster and more secure alternative. NordPass is also convenient to use as a browser extension—you can even get it for Firefox.

When you switch to NordPass, you’ll get the fundamental features you’ve been familiar with on Firefox, like autofill for your credentials and cross-device synchronization, ensuring all your passwords are up-to-date. But that’s just the start—NordPass offers protection for your email address by letting you set up an email mask. You can also scan your vault to see if any of your credentials are old, weak, or reused.

Manage your accounts with ease without leaving your browser with NordPass.

FAQ

Why should you disable the Firefox password manager?

A browser does not offer sufficient security for sensitive data. For example, if someone were to gain unauthorized access to your browser, they could export and access your passwords and breach your accounts.

What happens after disabling the Firefox password manager?

Once you’ve disabled the Firefox password manager, it will stop prompting you to save or autofill your login credentials. However, your previously saved passwords will still be available if you switch the browser password manager back on.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Epsilon: The Most Expensive Data Breach You’ve Never Heard Of

Search for the most expensive data breaches in history, and you’ll see a list of names you’re undoubtedly familiar with: Yahoo ($470 million), Target ($300 million), TJX ($256 million), Sony Playstation Network ($171 million.) But at the top of the list – often in the number one spot – is a firm called Epsilon, which suffered a data breach in 2011 that cost an eye-watering 4 BILLION dollars.

Who or what is Epsilon? Why was their data breach so expensive? And have we learned lessons from it so that we can prevent it in the future? (Spoiler alert: No.) Let’s delve into the story:

First, what makes a data breach expensive?

Data breach costs continue to rise. The average cost of a data breach in 2024 is $4.88 million, which is by no means a small chunk of change. That number begs the question, however; why are some breaches so much more expensive?

According to IBM, there are four key areas that contribute to the expense of a data breach:

Detection and Escalation

Detection is the process of finding the breach and determining its full extent. It involves tools like SIEM (Security Information & Event Management) and IDR (Intrusion Detection and Response.) Some things to watch out for are odd traffic patterns (like a security camera suddenly passing several gigabytes of data), repeated access requests from an unidentified source, and abnormal data transfers.

Escalation is the process of letting the correct people in the organization know. It probably starts with IT and security staff and then branches into legal, product, engineering, senior leaders, etc.

These may not seem like big hurdles, but consider this: it can take months to discover the true extent of a data breach through thorough investigation. You have no way of knowing which systems are compromised and which channels are safe, and you risk giving the hackers time to hide more effectively if they are privy to your communications. You might find yourself having to suddenly invest in tools like encrypted messaging, password managers, or hardware security tokens like PIV (personal identity verification) cards.

Notification

Notification is how you alert the outside world of the data breach. From customers to regulators, the sooner you make a statement and share the facts the better. Being transparent about what data was compromised, providing regular updates on the investigation, and outlining how you will prevent future breaches are all essential elements of your notification strategy.

Post-Breach Response

How are you going to make people feel like they can safely do business with you? That’s the question your post-breach response has to answer. Offering things like free credit monitoring, compensation for any fees or financial costs they incur, and clear communication about the steps you’re taking to strengthen your security measures can help rebuild trust.

Lost Business

It cannot be overstated how disruptive a data breach is to a company’s operations. Everything – development, sales, support, marketing – grinds to a halt while the breach is investigated. Your customer-facing departments like support and sales will be inundated with questions and complaints. Forget about future plans and roadmaps – everything is consumed by the data breach. Customers will churn. Prospects will disappear or expect incredibly deep discounts.

With all of these to consider, costs add up rapidly.

Who is Epsilon?

Founded in 1969, Epsilon was one of the world’s largest marketing firms until it was acquired by Publicis Groupe in 2019. Epsilon is an industry leader in data-driven marketing, consistently ranking among the top firms in the industry. They boasted clients across several industries:

Financial Institutions: American Express, Citibank, Capital One, Barclays

Retailers: Target, L.L. Bean, Best Buy

Hospitality: Hilton, Mariott

Other large clients: Disney, TiVo, Kroger, Verizon

One of their core services was managing e-mail marketing campaigns, so they had a massive database of e-mail addresses across all of their clients.

What happened?

In April 2011, Epsilon announced that it had been the victim of a data breach. Although it hasn’t released full details of how exactly it happened, the general consensus is that it was a phishing attack. This makes sense, considering these types of attacks are still extremely common. The hackers were able to access Epsilon’s e-mail database and obtained 250 million records from 75 of Epsilon’s clients.

Although Epsilon quickly alerted its own clients, it left communicating with the actual victims up to them. This resulted in somewhat inconsistent notifications; Verizon, for instance, took a week to notify their customers, saying they “Wanted to make sure [we] had the most detailed information possible from Epsilon.”

No personal information was compromised, just names and e-mail addresses. However, this opened the victims up to more targeted e-mail scams; for instance, if you see that a particular e-mail address is associated with Barclay Bank, you can send a series of spear phishing attacks to that specific person that appear more legitimate. To wit, the perpetrators raked in an estimated $2 million from spam e-mails.

The Aftermath

3 people were indicted; two were sentenced and one remains at large and wanted. Epsilon lost an estimated $45 million in business as clients left in droves; paid out another $127.5 million to victims in a settlement with the Department of Justice, and another $225 million in forensic audits, monitoring, litigation, and more. Total cost of the damage: $4 billion.

We’d love to tell you that lessons were learned, security was tightened, and this kind of attack never happened again…..we sure would love to tell you that. To be fair, this hack did lead to greater awareness of vulnerabilities in databases and an improvement in best practices around security in general. But overall, the initial method of entry – compromised credentials via a phishing attack – is still one of the most common techniques hackers use today. In fact, compromised credentials account for 80% of all data breaches. The smartest thing an organization can do is shift to passwordless authentication – unless they just happen to have $4 billion lying around.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Network Portnox 2024

Solving Complex Kafka Issues: Enterprise Case Studies

Apache Kafka issues, especially for enterprises running Kafka at scale, can escalate quickly and bring operations to a halt. The open source community may be able to offer assistance, but in some situations, you need a resolution fast.

While some organizations partner with OpenLogic for ongoing, SLA-backed Kafka support, our Professional Services team gets involved when a customer who does not have a support contract needs a consultation or help troubleshooting an issue with their Kafka deployments. These engagements can last anywhere from a few days to a few weeks, depending on the scope and complexity of the project.

In this blog, we present four Kafka case studies with details on what the Kafka issue was and how OpenLogic solved it.

Case Study #1: Large Internet Marketing Firm

Background: This customer was tracking clickstream events to measure ad campaign success. Their large bare metal implementation contained 48 nodes, and was processing roughly 5.8 million messages per second with 1-2 second end-to-end latency.

The Issue: LeaderAndIsr requests were failing during rolling restarts, resulting in multiple leader epochs with stale zkVersions.

The Solution: OpenLogic identified an existing bug that had not been fixed in the version of Kafka they were using, which had a higher likelihood of occurring during resource contention on the Zookeeper instance co-located on five of the Kafka nodes. They recommended upgrading the Kafka cluster and running Kafka on Zookeeper on independent nodes, which fixed the issue.

Length of Engagement: 5 days

Case Study #2: Large South American Bank

Background: This customer was currently utilizing IBM MQ and not hitting the performance metrics they desired. They were having to deal with large messages at high volume.

The Issue: Due to slow response times with end-to-end latency and total throughput with large messages, the customer wanted to move to Kafka to have a streaming-focused messaging bus.

The Solution: OpenLogic provided architecture using the Saga pattern with Apache Kafka and Apache Camel for managing long-running actions, such as crediting a payment on a loan from cash deposited at a branch. They also provided architecture for using Kafka with log shipping and the ELK stack, as well as for bridging events from IBM API Connect Cloud to Elasticsearch index behind the firewall using Apache Kafka. Finally, OpenLogic led a 5-day Apache Camel training to a team of 15 people so they could learn how to create Kafka consumers and producers.

Length of Engagement: 27 days

Related Video: Apache Kafka Best Practices

Case Study #3: U.S. Aerospace Firm

Background: Originally this customer wanted help with Rancher and moving from a VM-based Kafka cluster. They were utilizing a web socket server that was responsible for collecting satellite location data in real time. The web socket server could not talk directly with Kafka, and so they had developed a Camel-based system for their original Kafka cluster. They did not have any metrics collected on the existing cluster and could not identify the root cause for message delays and lag.

The Issue: Performance issues with pub/sub relay application that consumed from websockets from domain-specific appliance and published to Kafka queues.

The Solution: OpenLogic implemented Rancher clusters dedicated to running the Strimzi operator and serving Kafka clusters. They were also able to improve throughput dramatically by moving existing Java code to Apache Camel with vertx driver.

OpenLogic created metrics with Prometheus and Grafana in both the Camel websocket relay application and the Kafka brokers to determine replication and processing lag, and put monitoring in place to alert on topics that didn’t meet SLAs. Once metrics collection with Grafana and Prometheus were put in place, existing bottlenecks became identifiable and addressing them drastically improved end-to-end performance.

Length of Engagement: 3 days

Case Study #4: Global Financial Services Company

Background: Customer came to OpenLogic with a security concern with Kafka Connect that violated PCI compliance as well as internal security standards.

The Issue: Sensitive information was included in stack traces with Kafka Connect.

The Solution: OpenLogic created a test harness, which was sanitized so that customer information was not present, that reproduced the bug. They filed a bug against the project and attached the test harness – and wrote the code that resolved the bug. OpenLogic then submitted the code to the community and worked with community to modify the PR to meet the community’s standards. Finally, they informed the customer when the bug was accepted and estimated which release was likely to include the fix for it. As a result, this K.I.P. was produced from the engagement.

Length of Engagement: 20 days

Final Thoughts

Apache Kafka is an extremely powerful event streaming platform, but when things go wrong, they go wrong at scale. These Kafka case studies illustrate the benefits of having direct access to Enterprise Architects with deep Kafka expertise in those moments when every minute counts.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Perforce
The best run DevOps teams in the world choose Perforce. Perforce products are purpose-built to develop, build and maintain high-stakes applications. Companies can finally manage complexity, achieve speed without compromise, improve security and compliance, and run their DevOps toolchains with full integrity. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is trusted by the world’s leading brands to deliver solutions to even the toughest challenges. Accelerate technology delivery, with no shortcuts.

OpenLogic 2024