Secure Login provides a login extension similar to Opera's Wand login.

Secure Login provides a login extension similar to Opera's Wand login.

It uses the built-in password manager, but deactivates the prefilling of login forms.
Instead, you are now able to login with one click or a keyboard shortcut (ALT N).
Just add the Secure Login toolbar button to your toolbar, or use the provided statusbar icon.
If you hover over one of the icons, a tooltip is shown, displaying the login url and the number of available logins (users).
For more than one user or login forms on the current page a selection prompt is displayed on login.
You have the option to play sound notifications (*.wav) for found login data on the current page or when logging in.
All the options can be changed using the Secure Login settings menu or the statusbar icon context menu.

Secure Login provides you with a number of Security enhancements and helps protecting you from phishing:

Disabling the prefilling of login forms prevents malicious JavaScript code to automatically steal your login data.
This is due to the fact that no login data is inserted in form fields before the user clicks on the login button or logs in using the keyboard shortcut.
To make sure you login to the right website, the second level domain of the login url is compared to the second level domain of the current page.
If they do not match a dialog prompt is displayed before login.

SecureLogin provides you with an optional setting to protect you from all JavaScript code during login.
This can prevent cross-site scripting (XSS) attacks without having to deactivate JavaScript completely.
If you enable this option, your login data will never be inserted in any form fields nor will the login form be submitted.
Instead your credentials will be sent to the login page using internal Firefox methods.
Not all login forms will work this way, e.g. not those using JavaScript routines.
Therefore, you can add such websites to an exception list.

Requirements:

· Firefox 1.5 – 3.0.*

What's New in This Release:

Bugfixes:
· The bugfix for the ebay login page - skip status change events of windows other than the browser window - introduced a regression for login pages loaded in child frames. To fix both problems child frame events are not skipped anymore, but they do not reset all login objects either. Instead all login objects with still available windows are kept in memory.

Other changes:
· Added support for internationalized domain names for the second level domain comparison of source and target login hosts.
· Added textareas to the fields submitted with JavaScript protection enabled.
· Replaced multiple method calls to access the content document with local variables holding the document reference.
· Parsing child frames after parsing the parent window.
· Make use of broadcaster and observers for the JavaScript protection menu items.
· Properly align the login count for multiple listed URLs displayed on the tooltip.