This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Sign-in security flaw (no password required)

more options

Astonishingly, Firefox Accounts, and everything behind them, do not require any password for sign-in/log-in. That is, I created a PW and logged in once. But no matter how many times I sign out, Mozilla's systems lets me back in with just a user name and no PW required. This utter failure at basic security is quite disturbing.

Astonishingly, Firefox Accounts, and everything behind them, do not require any password for sign-in/log-in. That is, I created a PW and logged in once. But no matter how many times I sign out, Mozilla's systems lets me back in with just a user name and no PW required. This utter failure at basic security is quite disturbing.

All Replies (4)

more options

Hi beskeptical, please ignore the spam message promoting an unofficial phone number.

Firefox usually saves your Firefox Account login. If you want to disconnect your Firefox Account between uses, you can use the menu for that.

Please note that locally saved logins are readily accessible when you start Firefox unless you set a Master Password. More info in this article:

Use a Primary Password to protect stored logins and passwords

more options

Hi @jscher2000:

Can you explain what you mean by "use the menu" to to disconnect? There is a drop-down menu in the upper right corner which includes an option for "sign-out." A normal user experience, and the the reasonable expectation, is that selecting this option would do what it says: sign-out. However, it does not, as a practical matter, because signing back in does not require re-enty of a password. This makes Firefox, a supposedly privacy oriented and security conscious group, different from every other website I've ever encountered. Thank you.

more options

Hi following up. This remains an unresolved security flaw -- unless anyone knows a workaround. Thanks.

more options

Did you apply a Master Password? If so, the saved login for your Firefox Account won't be used until you enter it.