Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Are the memorized passwords in plain english? See Sallie Mae Website

  • 3 replies
  • 2 have this problem
  • 2 views
  • Last reply by cor-el

more options

I was just on the Sallie Mae payment website and they have a warning that memorized passwords can be accessed in plain English. I thought the passwords were suppose to be secure and encrypted. Is there an update that needs to be installed. Very concerning.

I was just on the Sallie Mae payment website and they have a warning that memorized passwords can be accessed in plain English. I thought the passwords were suppose to be secure and encrypted. Is there an update that needs to be installed. Very concerning.

All Replies (3)

more options

Hi scrab,

I think that this is a website's choice. In general, payment websites are based on a database to store information like usernames/passwords etc.. There is a choice for this info to be stored encrypted but it can also be stored unencrypted/plain text. I think that's a bad practice to store passwords in plain text, but it's your website's choice.
What I suggest is: Don't use your favorite password!

Moreover, you can contact them and explain your concerns!

more options

Edit: This post is technically incorrect, as explained in the following post. But you still want to set a Master Password.

If you have Firefox remember passwords, they are NOT stored in a secure encrypted format UNLESS you apply a master password. I'm not sure there is a good warning about that. To learn more about master passwords, see this article: Use a Primary Password to protect stored logins and passwords.

Modified by jscher2000 - Support Volunteer

more options

They stored encrypted in signons.sqlite even if you do not use a MP, but having access to the key3.db file is sufficient to decrypt them and the Password Manager will also show them if you copy the two files to another profile folder or computer.


The names and passwords stored in signons.sqlite are encrypted with a Triple DES key (CBC mode) that is stored in key3.db and a master password adds an additional level to this encryption.
If you do not use a master password then having access to key3.db and signons.sqlite is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.
Always use a strong master password (e.g at least 12 characters) that can't be easily guessed or found via a dictionary look up or a script and you should be safe.
Make sure that you remember that master password or else all your passwords are lost.
You always need the matching file key3.db that was used to create a signons.sqlite file to make it possible to decrypt signons.sqlite.