Ko tenda hembiapoite sa’ivéta oñemba’apokuévo hese hembiapo porãve hag̃ua. Peteĩ jehaipyre nomoĩporãiramo ne apañuái ha eporanduséramo, roguerekohína ore nepytyvõ rekoha ikatútava ndeykeko @FirefoxSupport Twitter-pe ha avei /r/firefox Reddit-pe.

Eheka Pytyvõha

Emboyke pytyvõha apovai. Ndorojeruremo’ãi ehenói térã eñe’ẽmondóvo pumbyrýpe ha emoherakuãvo marandu nemba’etéva. Emombe’u tembiapo imarãkuaáva ko “Marandu iñañáva” rupive.

Kuaave

RE: Firefox Sync/Account Credentials; when using a Firefox account how are my usernames and login creds. stored in cloud? AES, compressed, etc...?

  • 1 Mbohovái
  • 1 oguereko ko apañuái
  • 19 Hecha
  • Mbohovái ipaháva philipp

more options

I was curious as to how in terms of data-storage (at-rest and in-transit) how securely transmitted and retained the account data for users' Firefox accounts is, in terms of pertaining to the encryption protocol concerning Firefox accounts/sync function stored in cloud...?

Or is no account data for Firefox sync stored in cloud, and is only retrieved from the de-facto device (as a minimum of two are required for a Firefox Sync account to work properly)? And if not, why not offer cloud-based solutions to store the ciphertext or whatever the chosen format may be for the encrypted account data, so that it may be retrieved without this hassle or cumbersome requirement at times.

Although, I could certainly understand the reluctance to harbor such data, even in an encrypted format due to a possible security breach of servers or violation of vulnerabilities in systems.

So in a breviter intim atum, my question is: how is account credential data retained and transmitted from one Firefox sync account to the next (from the primary device or via cloud), and how secure is the data on whatever harddrive (obfuscated v. encrypted?), and yes I do use FIPS-192 protocol and secure my Firefox's with a master password with a bit-strength of greater than 200 in order to secure these logins, so no further additional security measures may be taken or implemented to achieve greater security hitherto; however, I also find that there are plenty of services that could be strengthened consequently.


Best Regards;

cincinattus

I was curious as to how in terms of data-storage (at-rest and in-transit) how securely transmitted and retained the account data for users' Firefox accounts is, in terms of pertaining to the encryption protocol concerning Firefox accounts/sync function stored in cloud...? Or is no account data for Firefox sync stored in cloud, and is only retrieved from the de-facto device (as a minimum of two are required for a Firefox Sync account to work properly)? And if not, why not offer cloud-based solutions to store the ciphertext or whatever the chosen format may be for the encrypted account data, so that it may be retrieved without this hassle or cumbersome requirement at times. Although, I could certainly understand the reluctance to harbor such data, even in an encrypted format due to a possible security breach of servers or violation of vulnerabilities in systems. So in a breviter intim atum, my question is: how is account credential data retained and transmitted from one Firefox sync account to the next (from the primary device or via cloud), and how secure is the data on whatever harddrive (obfuscated v. encrypted?), and yes I do use FIPS-192 protocol and secure my Firefox's with a master password with a bit-strength of greater than 200 in order to secure these logins, so no further additional security measures may be taken or implemented to achieve greater security hitherto; however, I also find that there are plenty of services that could be strengthened consequently. Best Regards; cincinattus

Opaite Mbohovái (1)

more options

hi, https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol contains some documentation about that.