Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Why I can see all my passwords without master-password with database synced with PC which have master-password turned on?

  • 4 antwurd
  • 4 hawwe dit probleem
  • 1 werjefte
  • Lêste antwurd fan LindaM

more options

I'm using Firefox with Firefox Sync on different PC's and master password is set from very beginning when I first started to use Firefox.

Today I installed Firefox for Android, authorized in Firefox Sync, opened logins tab, pressed "Show password" button expecting input form for my master password and.. I saw my password. And all others.

The master password was never typed on the android's keyboard. Firefox was never installed on the phone before. How does this possible? Does Firefox store my master-password in web? It's very very wrong. Now anyone who steal my Sync account can see all my passwords even without master-password.

I'm using Firefox with Firefox Sync on different PC's and master password is set from very beginning when I first started to use Firefox. Today I installed Firefox for Android, authorized in Firefox Sync, opened logins tab, pressed "Show password" button expecting input form for my master password and.. I saw my password. And all others. The master password was never typed on the android's keyboard. Firefox was never installed on the phone before. How does this possible? Does Firefox store my master-password in web? It's very very wrong. Now anyone who steal my Sync account can see all my passwords even without master-password.

Keazen oplossing

Firefox for Android has no knowledge of the master password set up on your desktop Firefox. Pressing the show passwords button will display the passwords.

If you would like to use a master password in Firefox for Android you can set that up. Tap the 3 dot menu in the upper right, select settings, select privacy, select Use master password and then choose a password.

The passwords are encrypted before transmitting to the Mozilla Sync service using your Sync password. The only data Mozilla Sync has is fully encrypted and Mozilla or another party cannot decrypt it. When you sign into Sync the encrypted passwords are downloaded and decrypted locally.

If you want the fine details there is a ton of documentation at https://github.com/mozilla/fxa-auth-server#firefox-accounts-server follow the first several links for an in depth explanation of the service.

Dit antwurd yn kontekst lêze 👍 0

Alle antwurden (4)

more options

Master passwords are local to that device Firefox does not Sync master passwords.

If you use your master password as a password on another website or as your Firefox Sync password then that would explain why it was displayed.

more options

kbrosnan said

Master passwords are local to that device Firefox does not Sync master passwords. If you use your master password as a password on another website or as your Firefox Sync password then that would explain why it was displayed.

I've been trying to say, that I saw all my passwords, not master password exactly.

Ok, if passwords encrypted with master password only locally, how do they stored on Sync servers? Raw or encrypted with any other password? With which exactly? How do they transferred? Where this decrypt-encrypt stuff is going on? Why it's needed? Why it can't be encrypted with only one password?

more options

Keazen oplossing

Firefox for Android has no knowledge of the master password set up on your desktop Firefox. Pressing the show passwords button will display the passwords.

If you would like to use a master password in Firefox for Android you can set that up. Tap the 3 dot menu in the upper right, select settings, select privacy, select Use master password and then choose a password.

The passwords are encrypted before transmitting to the Mozilla Sync service using your Sync password. The only data Mozilla Sync has is fully encrypted and Mozilla or another party cannot decrypt it. When you sign into Sync the encrypted passwords are downloaded and decrypted locally.

If you want the fine details there is a ton of documentation at https://github.com/mozilla/fxa-auth-server#firefox-accounts-server follow the first several links for an in depth explanation of the service.

more options

I also have this problem but did not expect my master password to migrate from my laptop to my phone via sync. I set up the master password on my Android phone only to find that when I reqeusted sight of a password, not only was I NOT ASKED for the master password, I was shown a full list of all of my passwords. I am so concerned about this that I am considering cancelling sync altogether so that my passwords are only kept on my main machine. NOTE - I am not blaming sync, this is clearly a problem solely with the master password in Firefox for Android.

Bewurke troch LindaM op