Legacy Password Editor removed; is Firefox Master Password Editor Now Secure?
To reiterate, Legacy Password Editor removed; is Firefox Master Password Editor Now Secure? Past history: I had used Password Editor (Legacy), the updated version of Firefox's Password Editor, via a developer. I was quite happy with the latter and never had a problem. Since Legacy's demise, I have subscribed to McAfee SafeKey, and quickly rescinded my account for same. Now, I am using LastPass, which is an involved, secure program. For me, too involved and, referred to as a remarkable program, it has plenty of quirks and mistakes, like not filling in login information. So annoying!
Therefore, yearning for the simplicity of Firefox's Password Editor, I pose the question w/Quantum, currently v57.0.2, is Firefox's Master Password Editor considered viable, i.e., secure?
Thanks in advance for a security/safety review of the current Firefox Password Editor.
Chosen solution
Names and passwords that are stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The Master Password adds an extra level to that encryption. When you don't use a Master Password, having access to key4.db and logins.json is all it takes to have access to the encrypted names and passwords by placing both files in a Firefox profile folder.
Use a strong password : at least 10 characters and use some symbols and numbers, not just letters.
Also see : https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins
And : https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-and-import
Read this answer in context 👍 1All Replies (2)
Hi, I would say maybe, I would not use it myself. Pen & paper person and memory. Not so much as insecure but if browser goes down maybe lost. Have had to tell, is lost before. Not many times though. Better off I think as personal opinion only to use 3rd party if so choose. There are several including Norton Password Manger here : https://addons.mozilla.org/en-US/firefox/extensions/ Explore your options and theirs.
Please let us know if this solved your issue or if need further assistance.
Chosen Solution
Names and passwords that are stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The Master Password adds an extra level to that encryption. When you don't use a Master Password, having access to key4.db and logins.json is all it takes to have access to the encrypted names and passwords by placing both files in a Firefox profile folder.
Use a strong password : at least 10 characters and use some symbols and numbers, not just letters.
Also see : https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins
And : https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-and-import