Secure your settings
-
Do you use the copy to clipboard feature of Masterpassword? go to addon preferences and turn it off.
-
Turn off Firefox remember login name and password, starting with Masterpassword v2.1, the addon can fill in user name automatically.
The plugin can store your master key in your OS' key store (ie GNOME Keyring, KWallet, OSX Keychain or Windows Password Vault). This feature is disabled by default. You'll need to download additional software (see NativeBridge-Linux, NativeBridge-OSX or NativeBridge-Windows), and enable the feature in the addon preferences menu.
Keeping your passwords in MasterPassword is relatively secure, given that your master key is not easily guessed.
These system password vaults have a varying degree of protection (encrypted on disk etc), but are generally not protecting you from attacks while you are logged in (typically, any program can access all passwords). Some (hey windows) even "roam" your password by default. Sounds nice, but that basically means that your passwords are floating around the internet, hopefully well encrypted.
In summary, your master key is kept safest when stored only between your ears. If you, however, accept the risks, it is quite convenient and the feature is there for you.