This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Password security

  • 2 replies
  • 0 have this problem
  • 21 views
  • Last reply by Ian Smith

more options

OK - I must be missing something. On my previous browser, Opera, if I wanted to see details of my passwords then I needed to put in the computer password, so keeping them quite secure. However, Firefox seems to let anyone using the browser to access the full details of all my passwords, even offering to copy them! This has to be the most insecure approach possible - surely this can't be correct, can it?

OK - I must be missing something. On my previous browser, Opera, if I wanted to see details of my passwords then I needed to put in the computer password, so keeping them quite secure. However, Firefox seems to let '''anyone''' using the browser to access the full details of all my passwords, even offering to copy them! This has to be the most insecure approach possible - surely this can't be correct, can it?

Chosen solution

The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The primary password encypts the key stored in key4.db and thus add an extra security level. If you do not use a primary password then having access to key4.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.

Read this answer in context 👍 1

All Replies (2)

more options

Chosen Solution

The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The primary password encypts the key stored in key4.db and thus add an extra security level. If you do not use a primary password then having access to key4.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.

Helpful?

more options

I confess, I'm astonished that the default is to allow anyone using the browser to be able to access all password info. This browser is really not suitable for the general public, IMHO.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.