In Firefox’s main settings, you can tick a box to enable a primary password, and this will then be required every time you view your passwords on any synced version of Firefox, and every time you restart the browser to avoid autofill abuse by someone with access to your browser. However, the ability to set a primary password is something that Firefox does much better than rival Chrome, which has only just started rolling out a comparable feature to select users. It’s obviously been made for the benefit of Sync users who don’t want to deal with entering an extra password every time they open their browser, but in pure security terms, I’d like to see Firefox oblige primary password use for any account that stores passwords in the browser. However, anyone with physical access to your browser can simply view your passwords in Firefox’s password page. Your passwords are encrypted before being synced, subject to the usual HTTPS-grade TLS encryption when in transit, and still encrypted when stored online and on your hard drive, using a unique key based on your Firefox account password.
Like a Firefox Sync account, which it requires, Firefox Password Manager is completely free.
With a user-defined, zero-knowledge primary password and consistently rolled-out versions, Firefox Password Manager is a far more solid proposition than Google’s Password Manager – but it’s still seriously lacking in features. Security AES-256, password to encryption key derivation via 1000 rounds of PBKDF2įirefox has been taking user-side security tools more seriously than arch-rival Google Chrome for quite some time now.įormerly known as Firefox Lockwise, the Firefox Password Manager is integrated into every Firefox Sync account and, once activated, will synchronize and secure your passwords across every Firefox browser you have signed into your account.
0 kommentar(er)
