This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox Sync is completely insecure

  • 3 replies
  • 2 have this problem
  • 10 views
  • Last reply by mr_gou

more options

After my Android mobile phone was stolen, I was stunned when I read this: https://support.mozilla.org/en-US/kb/disable-firefox-sync-lost-phone-or-tablet. It simply is an admission that Firefox sync is completely insecure. Any other similar services allow to dissociate a specific device so that the data cannot be accessed. However, with Firefox, the so-called most secure browser, all passwords can be accessed on a stolen device, even in clear with the password manager extension, and there is nothing you can do about it! That's just incredible!

After my Android mobile phone was stolen, I was stunned when I read this: https://support.mozilla.org/en-US/kb/disable-firefox-sync-lost-phone-or-tablet. It simply is an admission that Firefox sync is completely insecure. Any other similar services allow to dissociate a specific device so that the data cannot be accessed. However, with Firefox, the so-called most secure browser, all passwords can be accessed on a stolen device, even in clear with the password manager extension, and there is nothing you can do about it! That's just incredible!

All Replies (3)

more options
with Firefox, the so-called most secure browser, all passwords can be accessed on a stolen device

This is only true if you don't take any precautions. If you're so security conscious as it sounds, why didn't you think about that before your device got stolen?

and there is nothing you can do about it!

Not true. https://support.mozilla.org/en-US/kb/using-master-password-firefox-android

Did you bother to set a master password?

Whether it's a good idea to make sensitive passwords available on a mobile device in the first place is a different story.

more options

to add to the prior reply: as it is built now, firefox sync is not a separate data source that you can plug in & out of a device. it is a service that brings the local data of multiple devices to the same level (so data that arrives on your device via sync is no different than data you manually enter on a device which isn't connected to an account).

more options

I understand your point, but what I'm questioning is that you can't dissociate a connected device, which is a pretty standard feature of many synchronized data services, such as Google, Evernote, Facebook, Dropbox and others. For a feature that stores data such as password, this is a huge gap.