Skip Navigation
93 comments
  • I don't even trust Steam, let alone Mozilla. I don't think I've ever had any credit card auto-fill on any browser I've ever had

  • The number being somewhere on your computer isn't something I'd worry about. The real risk is from a liberal autocomplete that might throw it into website forms where you don't want it to be, including hidden ones. Maybe there are protections in place since I last let Firefox save anything like this, but it used to try pasting address and CC info whenever it could.

  • I don't trust saving my CC numbers anywhere. And considering how many times retailers have been hacked and had that kind of information stolen I wish it were law that no one could save them.

  • I do trust it well enough, but I don't use it.

    For starters, I don't want it to be too easy to spend money. If I want something, I should want it enough to pull my card out and type the number again.

    Second, the auto-fill often doesn't work perfectly, so you need the card anyway.

    Third, there's the slim chance it could be hacked. So why even take that chance when the only benefit is convenience

  • I put it into my password manager. (KeePassXC with Syncthing to share the database)

  • I keep those kind of numbers in Keepassxc and cut and paste them when I need them. It's not that I don't trust FF I just think having one storage place is better than having two and it's just not necessary for FF to have them. A few extra seconds of copy pasting inconvenience is a price I'm happy to pay. For extra security I never cut and paste the CVC, that's always manual entry from memory.

  • No... not leaving cc on any browser... I use KeepassXC and setup to clear anything in the clipboard within 10 seconds

  • Your saved passwords are reversible too, just don't do it. If you really want to, put a password on it, but then why would you even save it at all? The convenience is lost at that point. And if you save it without a password, to decrypt the cc a decryption key has to be saved somewhere, and if it's not on your pc, it's saved on a server you don't own.

  • Temporary card numbers are awesome. Some CC providers give you one, otherwise you can use a service like privacy.com. You can also pay for things in crypto and keep only a limited amount of crypto in your browser-based wallet or do multi-sig so you have to approve transactions from two different devices. This can help minimize loss from an attack.

  • If you have malware on the machine it could just steal it when you use it the next time.

  • I don't. But even if I did, I wouldn't have much use for it as I use single-use debit cards generated via my bank app or TatraPay (my bank's instant method of QR code payments) if the merchant has that option. I just wish there was a universal method for instant QR code payments. It's pretty convenient.

93 comments