Sync and Master password
Can somebody sane please explain to me why firefox developers haven't implemented a smooth sync when there are Master Password's involved?
I use firefox in my desktop and in my phone and I can't get the passwords to sync due to my desktop having a master password (which firefox itself proposes to have set so that my passwords are safe) and Android not having that and so it can't decrypt the desktop passwords.
How difficult it is to make syncing between Desktop and Android firefoxes smooth when you have set a master password for the desktop version?
Even if FF for Android is not using a Master Password why doesn't desktop FF ask for the master password, the proceed to decrypt the passwords in the background and then using sync (which as mozilla says transmits passwords in encrypted form) send them to the mozilla servers? I mean even if I haven't set a Master Passowrd the passwords submitted to Mozilla servers during syncing are always stored decrypted in some way right?
All Replies (3)
Hi
Firefox for Android does not have a primary password, but you may be asked for the android lock screen code that you have set to be able to access user credentials synced across from the desktop copy of Firefox.
On desktop you will of course have to unlock the Password Manager by entering the PP for Firefox to be able to sync the logins. On mobile the PP is no longer used, but biometrics (fingerprint and face recognition) can also be used to unlock the logins stored in Firefox.
In my experience, Firefox for Desktop is constantly nagging for the Primary password to the extent it is quite difficult to use Firefox in a locked and secured mode, entering only individual passwords on your own. However, even if unlocked it’s secure when attempting to view the passwords where it once again requests the Primary password for each view request. With an unlocked Firefox, you can use the passwords, you just can't view them to see if what was entered is correct unless the webpage allows viewing what was auto-filled. On the other end is Firefox for Android which doesn't use a password. If you set it up to Sync with your Desktop and include passwords, then the password list is auto-collected from the Desktop via the encrypted/password protected Sync account and is available in plain text protected only by the phone's screenlock. You cannot "sign out" of Firefox for Android to protect the passwords the way you can on the Desktop version and it is just simply easier and more secure to delete the whole app.