Password security
OK - I must be missing something. On my previous browser, Opera, if I wanted to see details of my passwords then I needed to put in the computer password, so keeping them quite secure. However, Firefox seems to let anyone using the browser to access the full details of all my passwords, even offering to copy them! This has to be the most insecure approach possible - surely this can't be correct, can it?
الحل المُختار
The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The primary password encypts the key stored in key4.db and thus add an extra security level. If you do not use a primary password then having access to key4.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.
Read this answer in context 👍 1All Replies (2)
الحل المُختار
The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The primary password encypts the key stored in key4.db and thus add an extra security level. If you do not use a primary password then having access to key4.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.
I confess, I'm astonished that the default is to allow anyone using the browser to be able to access all password info. This browser is really not suitable for the general public, IMHO.