This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Mulongo oyo etiyamaki na archive. Tuna motuna mosusu soki osengeli na lisalisi

is firefox sync safe

  • 7 biyano
  • 1 eza na nkokoso oyo
  • 2 views
  • Eyano yasuka ya OJNSim

more options

Hi I thought about starting to use firefox sync for my bookmarks. I noticed that is also sync login details, and I don't understand how this can be safe.

Assuming the data is stored encrypted, how this can be decrypted on the other machine?

tx

Hi I thought about starting to use firefox sync for my bookmarks. I noticed that is also sync login details, and I don't understand how this can be safe. Assuming the data is stored encrypted, how this can be decrypted on the other machine? tx

All Replies (7)

more options

The Sync service uses a sync key to encrypt data locally before uploading. This Sync key is generated internally from the password of your Firefox account, so you do not need to worry about it. Without the correct password it isn't possible to decrypt the data stored on the Sync server because the correct Sync key can't be generated. The Sync key changes when you change the password of the Firefox account and you lose all data stored on the Sync server when you change the password of the Sync account. Other connected devices use the same name and password to log in to the Firefox Sync account, so they can decrypt data downloaded from the server locally. As long as you choose a strong password and you keep it to yourself then your data is safe.

See also:

more options

so anytime the same user and pass are supplied the same sync key will be generated. isnt it?

more options

Yes. If you would change the password of the Sync account or request a new password because you do not remember it then all data stored on the Sync servers is deleted because it can't be decrypted anymore and personal data stored on the Sync server is lost. You need to change the password on all connected devices and once again do an initial sync.

more options

So if I understand correctly, the process goes like that: 1. when syncing the login details it is encrypted locally using the sync user and password. 2. encrypted data is stored on Mozilla servers 3. when a new machine is being synced, the encrypted data is sent to that machine, and is being decrypted locally again.

Am I right?

more options

The email address and password of the Firefox account is used to login to the Sync server. This same password is also used locally to encrypt your data before it is send to the Sync server. Other connected devices can retrieve this encrypted data and since they use the same email and password they use that password to decrypt this data locally. So only encrypted data travels between a connected device and the sync server.

more options

Thanks. Now it is a bit more clear. two more questions please: 1. How does Master password fits into this model? 2. I never used this sync feature before, but now I read that in the past Mozila used a different mechanism, that allegedly was more secure. I'm interested how was it more secure? and if so, why did Mozila dropped that?

thanks