This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

What is the point of having primary password since I see It doesnt change password hasjes in login.json?

  • 1 cavab
  • 0 have this problem
  • 19 views
  • Last reply by Dropa

more options

One of the help page say: Firefox Desktop encrypts your passwords locally in your user profile directory using a logins.json file. Firefox Desktop uses simple cryptography to obscure your passwords. Mozilla doesn’t have the ability to see passwords, but Firefox Desktop does decrypt the password locally so that it can enter them into form fields.

My understanding is that my local installation uses some auto-generated key to hash my passwords in logins.json. So I established my primary password hoping that all passwords in logins.json will be re-hashed with my new password. But surprisingly ll hashes remain the same. So, where is the security?

One of the help page say: ''Firefox Desktop encrypts your passwords locally in your user profile directory using a logins.json file. Firefox Desktop uses simple cryptography to obscure your passwords. Mozilla doesn’t have the ability to see passwords, but Firefox Desktop does decrypt the password locally so that it can enter them into form fields. '' My understanding is that my local installation uses some auto-generated key to hash my passwords in logins.json. So I established my primary password hoping that all passwords in logins.json will be re-hashed with my new password. But surprisingly ll hashes remain the same. So, where is the security?

All Replies (1)

more options

You can only see the password in the Browser manager and if you want to protect them then you should password protect your system first that will block prying eyes from looking where they shouldn't. One security is only good as the person whom password protects their system. Don't expect the Browser to be the endall of protection.