Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

RE: Firefox Sync/Account Credentials; when using a Firefox account how are my usernames and login creds. stored in cloud? AES, compressed, etc...?

  • 1 antwurd
  • 1 hat dit probleem
  • 19 werjeftes
  • Lêste antwurd fan philipp

more options

I was curious as to how in terms of data-storage (at-rest and in-transit) how securely transmitted and retained the account data for users' Firefox accounts is, in terms of pertaining to the encryption protocol concerning Firefox accounts/sync function stored in cloud...?

Or is no account data for Firefox sync stored in cloud, and is only retrieved from the de-facto device (as a minimum of two are required for a Firefox Sync account to work properly)? And if not, why not offer cloud-based solutions to store the ciphertext or whatever the chosen format may be for the encrypted account data, so that it may be retrieved without this hassle or cumbersome requirement at times.

Although, I could certainly understand the reluctance to harbor such data, even in an encrypted format due to a possible security breach of servers or violation of vulnerabilities in systems.

So in a breviter intim atum, my question is: how is account credential data retained and transmitted from one Firefox sync account to the next (from the primary device or via cloud), and how secure is the data on whatever harddrive (obfuscated v. encrypted?), and yes I do use FIPS-192 protocol and secure my Firefox's with a master password with a bit-strength of greater than 200 in order to secure these logins, so no further additional security measures may be taken or implemented to achieve greater security hitherto; however, I also find that there are plenty of services that could be strengthened consequently.


Best Regards;

cincinattus

I was curious as to how in terms of data-storage (at-rest and in-transit) how securely transmitted and retained the account data for users' Firefox accounts is, in terms of pertaining to the encryption protocol concerning Firefox accounts/sync function stored in cloud...? Or is no account data for Firefox sync stored in cloud, and is only retrieved from the de-facto device (as a minimum of two are required for a Firefox Sync account to work properly)? And if not, why not offer cloud-based solutions to store the ciphertext or whatever the chosen format may be for the encrypted account data, so that it may be retrieved without this hassle or cumbersome requirement at times. Although, I could certainly understand the reluctance to harbor such data, even in an encrypted format due to a possible security breach of servers or violation of vulnerabilities in systems. So in a breviter intim atum, my question is: how is account credential data retained and transmitted from one Firefox sync account to the next (from the primary device or via cloud), and how secure is the data on whatever harddrive (obfuscated v. encrypted?), and yes I do use FIPS-192 protocol and secure my Firefox's with a master password with a bit-strength of greater than 200 in order to secure these logins, so no further additional security measures may be taken or implemented to achieve greater security hitherto; however, I also find that there are plenty of services that could be strengthened consequently. Best Regards; cincinattus

Alle antwurden (1)

more options

hi, https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol contains some documentation about that.