I'm just scared that they're saved with reversible encryption on the disk, then malware could steal them
I trust it enough to use the feature, but I've got separate cards for online and in-person purchases. The online card is temporarily disabled in my bank app, and I only unblock it when I intend to use it. Takes like 30 seconds extra.
The in-person card is permanently unlocked for NFC and regular store transactions, but region locked to the country where I'm currently at, and transactions over $30 require the PIN.
I don't trust saving my CC numbers anywhere. And considering how many times retailers have been hacked and had that kind of information stolen I wish it were law that no one could save them.
The number being somewhere on your computer isn't something I'd worry about. The real risk is from a liberal autocomplete that might throw it into website forms where you don't want it to be, including hidden ones. Maybe there are protections in place since I last let Firefox save anything like this, but it used to try pasting address and CC info whenever it could.
I simply use my credit card number for my password on every site. it makes it so much easier to remember both. back in the day i would use my social security number. thanks to that simple trick, i never get robocalls or spam and i've been removed from most mailing lists because no one will ever issue credit or do business of any kind with me. a hacker stole my identity once and my credit score quadrupled. he even gave my identity back a week later!
You joke but back in the 90s when I first used the internet in the library I had to choose a password for the email. And the requirements were weird. Needs to be an exact length, letters, numbers, and so on. Then I realized my country SSN was a perfect match with the requirements! "Wow that's perfect, so I gonna use that as a password, nobody gonna guess that" - the naïve boy thought. Of course it was hacked by some other classmate that got the same conclusion and I realized that it wasn't that perfect and that almost everyone had the same idea due to the strict exact length requirements. (SSN in my country can be easily found again if you know name and DOB)
I keep those kind of numbers in Keepassxc and cut and paste them when I need them. It's not that I don't trust FF I just think having one storage place is better than having two and it's just not necessary for FF to have them. A few extra seconds of copy pasting inconvenience is a price I'm happy to pay. For extra security I never cut and paste the CVC, that's always manual entry from memory.
I don't. But even if I did, I wouldn't have much use for it as I use single-use debit cards generated via my bank app or TatraPay (my bank's instant method of QR code payments) if the merchant has that option. I just wish there was a universal method for instant QR code payments. It's pretty convenient.
Temporary card numbers are awesome. Some CC providers give you one, otherwise you can use a service like privacy.com. You can also pay for things in crypto and keep only a limited amount of crypto in your browser-based wallet or do multi-sig so you have to approve transactions from two different devices. This can help minimize loss from an attack.