This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Hierdie gesprek is in die argief. Vra asseblief 'n nuwe vraag as jy hulp nodig het.

Master password not needed for syncing and showing passwords in plain text. How can this be secure?

  • 1 antwoord
  • 1 het hierdie probleem
  • 3 views
  • Laaste antwoord deur cor-el

more options

I've just made a clean windows 10 install on my main computer, and installed linux mint 18 on a virtualbox - all machines running firefox. I signed in to sync and ALL my passwords synced WITHOUT asking for the Master Password. This makes me eerie. I was even able to show passwords in plain text. Are the passwords synced to the server unencrypted, and how am I able to see the synced passwords without the Master Password?

I am not sure, but I might have set up the Master Passwords AFTER saving password (thus being unencrypted).

Best, Malte

I've just made a clean windows 10 install on my main computer, and installed linux mint 18 on a virtualbox - all machines running firefox. I signed in to sync and ALL my passwords synced WITHOUT asking for the Master Password. This makes me eerie. I was even able to show passwords in plain text. Are the passwords synced to the server unencrypted, and how am I able to see the synced passwords without the Master Password? I am not sure, but I might have set up the Master Passwords AFTER saving password (thus being unencrypted). Best, Malte

All Replies (1)

more options

Are you currently using a master password on some or all connected devices?

All your personal data is encrypted by using a Sync key that is derived from the password of the sync account, so all data that leaves your computer is always encrypted and only this password can decrypt this data.

Once you set a MP then already stored passwords will be encrypted with this master password. One you have entered the MP during a Firefox session like happens when you connect to Sync when Firefox is started logs you in to the Software Security Device and unlocks the password. That Firefox asks for the master password when you want to view the passwords in the Password Manager is not necessary, but is only an extra step added by the Firefox developers.