This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Legacy Password Editor removed; is Firefox Master Password Editor Now Secure?

  • 2 replies
  • 3 have this problem
  • 1 view
  • Last reply by Happy112

more options

To reiterate, Legacy Password Editor removed; is Firefox Master Password Editor Now Secure? Past history: I had used Password Editor (Legacy), the updated version of Firefox's Password Editor, via a developer. I was quite happy with the latter and never had a problem. Since Legacy's demise, I have subscribed to McAfee SafeKey, and quickly rescinded my account for same. Now, I am using LastPass, which is an involved, secure program. For me, too involved and, referred to as a remarkable program, it has plenty of quirks and mistakes, like not filling in login information. So annoying!

Therefore, yearning for the simplicity of Firefox's Password Editor, I pose the question w/Quantum, currently v57.0.2, is Firefox's Master Password Editor considered viable, i.e., secure?

Thanks in advance for a security/safety review of the current Firefox Password Editor.

To reiterate, Legacy Password Editor removed; is Firefox Master Password Editor Now Secure? Past history: I had used Password Editor (Legacy), the updated version of Firefox's Password Editor, via a developer. I was quite happy with the latter and never had a problem. Since Legacy's demise, I have subscribed to McAfee SafeKey, and quickly rescinded my account for same. Now, I am using LastPass, which is an involved, secure program. For me, too involved and, referred to as a remarkable program, it has plenty of quirks and mistakes, like not filling in login information. So annoying! Therefore, yearning for the simplicity of Firefox's Password Editor, I pose the question w/Quantum, currently v57.0.2, is Firefox's Master Password Editor considered viable, i.e., secure? Thanks in advance for a security/safety review of the current Firefox Password Editor.

Chosen solution

Names and passwords that are stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The Master Password adds an extra level to that encryption. When you don't use a Master Password, having access to key4.db and logins.json is all it takes to have access to the encrypted names and passwords by placing both files in a Firefox profile folder.

Use a strong password : at least 10 characters and use some symbols and numbers, not just letters.

Also see : https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

And : https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-and-import

Read this answer in context 👍 1

All Replies (2)

more options

Hi, I would say maybe, I would not use it myself. Pen & paper person and memory. Not so much as insecure but if browser goes down maybe lost. Have had to tell, is lost before. Not many times though. Better off I think as personal opinion only to use 3rd party if so choose. There are several including Norton Password Manger here : https://addons.mozilla.org/en-US/firefox/extensions/ Explore your options and theirs.

Please let us know if this solved your issue or if need further assistance.

more options

Chosen Solution

Names and passwords that are stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The Master Password adds an extra level to that encryption. When you don't use a Master Password, having access to key4.db and logins.json is all it takes to have access to the encrypted names and passwords by placing both files in a Firefox profile folder.

Use a strong password : at least 10 characters and use some symbols and numbers, not just letters.

Also see : https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

And : https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-and-import