This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Should I first delete all saved passwords before assigning master password firefox 21

  • 6 replies
  • 9 have this problem
  • 34 views
  • Last reply by cor-el

more options

I want to start using the 'Master Password' feature. There are a couple of hundred 'stored' passwords in the Options-Security-Saved Passwords tab so I'm wondering if it would be best to delete ALL of these before setting up a Master Password. I will be changing and deleting several of the 'stored' passwords anyway. But my main question is whether or not the 'Master Password' would encrypt All of the existing 'stored' passwords and what if they have already been comprised by surfing anyway??

I want to start using the 'Master Password' feature. There are a couple of hundred 'stored' passwords in the Options-Security-Saved Passwords tab so I'm wondering if it would be best to delete ALL of these before setting up a Master Password. I will be changing and deleting several of the 'stored' passwords anyway. But my main question is whether or not the 'Master Password' would encrypt All of the existing 'stored' passwords and what if they have already been comprised by surfing anyway??

Chosen solution

Al current passwords will be encrypted with the Master Password if you set one and that includes passwords that you already have saved. So there is no need to delete the current passwords.

Read this answer in context 👍 16

All Replies (6)

more options

No need to delete that.

Master passwords are used to protect the saved passwords.

Know more about Master Passwords

more options
more options

What if the existing 'Stored' list has already been comprised by surfing or some other invasion??

Question is, are 'new' user names and passwords protected better when they are 'entered' and 'saved' by firefox after you have a 'Master Password' enabled??

I guess I don't understand how the M/P protects the 'saved list'.

I'm thinking it has to be best to build a 'new' list after the M/P is created. Probably should change all the old passwords anyway. "Just because you're paranoid doesn't mean they aren't after you" Joseph Heller.

more options

The names and passwords are encrypted with a Triple DES key that is stored in key3.db and the master password adds an additional level to that encryption.
If you do not use a master password then having access to key3.db and signons.sqlite is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.
Always use a strong master password (e.g at least 12 characters) that can't be easily guessed or found via a dictionary look up or a script and you should be safe.
Make sure that you remember that master password or else all your passwords are lost.
You always need the matching file key3.db that was used to create a signons.sqlite file to make it possible to decrypt signons.sqlite.

more options

While this does not answer my 'simple' question, it is, nonetheless, a very technical answer about the purpose of using a 'master'.

The 'simple' question was "are new user names and passwords protected better when they are 'entered' and 'saved' by firefox after you have a 'Master Password' enabled??

I am going to assume that there is 'technically' no advantage, but it might be a good time to 'remove' all existing 'stored' p/w and start new with creating a M/P and re-entering or better yet changing the old passwords and letting them be saved anew. I 'screen-printed' the existing Stored passwords and copied to a word doc, plus I turned the doc landscape, R-clicked the image of each page and increased the 'size' to 100% (in my case) so I could read the copied user name / password list (each screen-print image would fill one page in the word doc). I guess I will have to tell it to NOT save the old p/w and wait until I Change it to actually 'save' it. Good luck. Maybe I'm just insane, but remember - "Just because you're paranoid doesn't mean they aren't after you" Joseph Heller.

more options

Chosen Solution

Al current passwords will be encrypted with the Master Password if you set one and that includes passwords that you already have saved. So there is no need to delete the current passwords.