Security Settings Tab

Now select the Security tab.

Warn me when sites try to install add-ons. Ticking this option enables sites to install software (e.g. extensions) and would be highly recommended for best functioning of Firefox. Unlike Internet Explorer Firefox is more secure as regards installing software, what with if you aren’t installing software from a trusted source, i.e., then you’ll be prompted as to whether to add the site to the Allowed Sites list, after which you’ll be prompted whether or not you wish to allow installation (Though this has been exploited (and since fixed) recently). Unticking this option disables sites from installing software, which might prove useful should you be interested in locking down Firefox.

Exceptions. To allow software to be installed from specific sites click this button and enter the address into the Address of web site field and click Allow. Use the Remove Site button should you change your mind at a later date or Remove All Sites if you wish to clear the entire listing.

Tell me if the site I'm visiting is a suspected forgery. Tick this option to enable phishing protection; this provides a warning whenever viewing a site which has been reported as a phishing site. For example; having received an email purporting to be from PayPal and clicking the link provided loaded a webpage which where you would attempt to login to your PayPal account; thus providing your login details to the phisher. In this case however the site had been listed as a phishing site and a warning message prompted:

I wouldn't recommend disabling (Unticking) this feature given the increase in phishing attacks and their rising level of sophistication. 2 options are available to further customise the level of protection.

Check using a downloaded list of suspected sites. Selecting this option specifies that Firefox checks websites against an automatically downloaded and locally stored list of known phishing sites; prompting when a match is made (As in the above case). This list is automatically updated generally every 30 minutes on average (The list is initially updated within 5 minutes of launching Firefox); this provides a near real-time level of protection, with no impact on browsing speed (As URLs are not sent to be verified) and minimizes privacy concerns as no data is provided to the list provided regarding websites visited.

Check by asking X about each site I visit. Selecting this option specifies that URLs are sent to the selected content provider (Google by default) to be verified in real-time (Which ensures you're checking against the very latest list); prompting when a match is made. Although this data is sent over a secure SSL connection, it has raised some privacy concerns. There may be a negligible affect on browsing speed as URLs are verified.

Note – It's important to understand that the inherent time delay when Check using a downloaded list of suspected sites is selected is the only real difference between that and selecting the Check by asking X about each site I visit option. Using the latter option does not provide a more comprehensive listing; merely a more timely one, i.e. you should not feel significantly more at risk by having selected Check using a downloaded list of suspected sites.

Remember passwords for sites. Ticking this option enables login details for websites to be saved, you’ll be prompted as to what action to take when this is available;

This allows login details for websites saved and entered automatically into login forms for the site upon revisiting. Unticking this option results in login details always having to manually entered, which would seem most prudent, however, it is possible to secure your saved passwords as covered later.

Exceptions. This window list websites for which login details are never to be saved. These are added automatically when you select Never for This Site when prompted if you wish to save the password for that site. In the event you change your mind in the future and wish to be able to save passwords for a particular site, click this button and use Remove/Remove All as appropriate. Note – You will still be prompted if you wish to save the password when you next login to a previously listed site.

Use a master password. For improved personal security, clicking this option allows you to create a password that will be required for saved passwords to be auto-entered in forms. Successfully entering this password results in saved passwords automatically be entered for the remainder of the session, while failure means login details will not be loaded (You can still enter them manually of course). When creating a password ideally it will be at least 6 characters long and contain a combination of uppercase and lowercase letters, numbers and non-alphanumeric characters, e.g. S3curePassw0rd?.

Change Master Password. Press this button to change the existing master password.

The Password quality meter is intended to give some sort of measure as to how secure the password you’re creating is. Click Ok once you’ve found a combination that’s quite secure and you’ll remember.

Untick Use a master password should you wish to disable the use of a master password,

Show Passwords. Press this button to view a listing of Passwords Saved/Passwords Never Saved. By default only the Username and Site is displayed, but you can use the View Passwords if you really need to view them too. Sites can be removed from either listing individually using the Remove button in the Downloads window, or by selecting the Remove All button.

Choose which warning messages you want to see while browsing the web - Settings. Pressing this button allows you to select the security related warning messages which are to be displayed in Firefox. Note – These have no effect on phishing protection functionality.

Ticking an option to enable an appropriate warning message to be displayed while browsing, Unticking an option will disable such warnings from being displayed. The actions for which warnings are to be displayed are fairly self-explanatory. Technical sophistication will be a primary factor in determining which warnings to enable, if any.