Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

RE: Firefox Sync/Account Credentials; when using a Firefox account how are my usernames and login creds. stored in cloud? AES, compressed, etc...?

  • 1 freagra
  • 1 leis an bhfadhb seo
  • 19 views
  • Freagra is déanaí ó philipp

more options

I was curious as to how in terms of data-storage (at-rest and in-transit) how securely transmitted and retained the account data for users' Firefox accounts is, in terms of pertaining to the encryption protocol concerning Firefox accounts/sync function stored in cloud...?

Or is no account data for Firefox sync stored in cloud, and is only retrieved from the de-facto device (as a minimum of two are required for a Firefox Sync account to work properly)? And if not, why not offer cloud-based solutions to store the ciphertext or whatever the chosen format may be for the encrypted account data, so that it may be retrieved without this hassle or cumbersome requirement at times.

Although, I could certainly understand the reluctance to harbor such data, even in an encrypted format due to a possible security breach of servers or violation of vulnerabilities in systems.

So in a breviter intim atum, my question is: how is account credential data retained and transmitted from one Firefox sync account to the next (from the primary device or via cloud), and how secure is the data on whatever harddrive (obfuscated v. encrypted?), and yes I do use FIPS-192 protocol and secure my Firefox's with a master password with a bit-strength of greater than 200 in order to secure these logins, so no further additional security measures may be taken or implemented to achieve greater security hitherto; however, I also find that there are plenty of services that could be strengthened consequently.


Best Regards;

cincinattus

I was curious as to how in terms of data-storage (at-rest and in-transit) how securely transmitted and retained the account data for users' Firefox accounts is, in terms of pertaining to the encryption protocol concerning Firefox accounts/sync function stored in cloud...? Or is no account data for Firefox sync stored in cloud, and is only retrieved from the de-facto device (as a minimum of two are required for a Firefox Sync account to work properly)? And if not, why not offer cloud-based solutions to store the ciphertext or whatever the chosen format may be for the encrypted account data, so that it may be retrieved without this hassle or cumbersome requirement at times. Although, I could certainly understand the reluctance to harbor such data, even in an encrypted format due to a possible security breach of servers or violation of vulnerabilities in systems. So in a breviter intim atum, my question is: how is account credential data retained and transmitted from one Firefox sync account to the next (from the primary device or via cloud), and how secure is the data on whatever harddrive (obfuscated v. encrypted?), and yes I do use FIPS-192 protocol and secure my Firefox's with a master password with a bit-strength of greater than 200 in order to secure these logins, so no further additional security measures may be taken or implemented to achieve greater security hitherto; however, I also find that there are plenty of services that could be strengthened consequently. Best Regards; cincinattus

All Replies (1)

more options

hi, https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol contains some documentation about that.