This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Hierdie gesprek is in die argief. Vra asseblief 'n nuwe vraag as jy hulp nodig het.

When is Primary Password going to protect stored cookies? (authentication cookies in particular)

  • 1 antwoord
  • 1 het hierdie probleem
  • 9 views
  • Laaste antwoord deur Dropa

more options

There is a wave of malware targeting authentication cookies stored on disk (e.g. recent LTT hack). It has become obvious that malware doesn't need to target stored passwords to get access to a site/account. Primary Password has solved this problem, but only for the stored passwords. The stored cookies are just as exposed as the stored passwords were, provide access to sites/accounts and bypass 2FA checks because they bypass normal login protocols.

Primary password should secure the stored cookies as well. When is this going to be implemented?

Thanks!

There is a wave of malware targeting authentication cookies stored on disk (e.g. recent LTT hack). It has become obvious that malware doesn't need to target stored passwords to get access to a site/account. Primary Password has solved this problem, but only for the stored passwords. The stored cookies are just as exposed as the stored passwords were, provide access to sites/accounts and bypass 2FA checks because they bypass normal login protocols. Primary password should secure the stored cookies as well. When is this going to be implemented? Thanks!

All Replies (1)

more options

That goes beyond what Primary password is only for Firefox account. One should check their cookie protection settings to change protection. Also one needs to insure their Security software is up to date and that it is working.