This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Secure primary password replaced by insecure PIN

  • 3 replies
  • 1 has this problem
  • 6 views
  • Paskiausią atsakymą parašė Paul

more options

Why has the primary password function (in my case fairly secure) been replaced with the very insecure Android PIN. More importantly, how does Firefox Android decrypt saved passwords without the primary password, or are they now stored in an unencrypted form?

Why has the primary password function (in my case fairly secure) been replaced with the very insecure Android PIN. More importantly, how does Firefox Android decrypt saved passwords without the primary password, or are they now stored in an unencrypted form?

All Replies (3)

more options

Hi

Thank you for your question.

The primary password feature was removed in the update as it was not as secure as we would have liked it to have been. Your login in credentials are stored in an encrypted form and in such a way that apps outside of Firefox for Android are unable to access them. Naturally, I recommend that your secure your device with the built in device encryption and passwords.

more options

Hi Seburo,

Thanks for the informative reply and I understand the reasoning for the change based on security issues. However, for myself, it had the unfortunate result of, post automatic app update, removing my secure 16_character password and replacing it with a relatively insecure 4_digit PIN. If this had occurred with the Windows version, it probably would not have had the same impact. OS versions for PCs tend to have better password complexity. (Although, thinking that you have two level security of OS/Firefox is also downgraded.) Phones, although possibly as powerful as a laptop, have a different usage model and trying to have the equivalent of a 16_character password for my Android phone would make it difficult to use (for me). Unfortunately I think the only solution for me is to remove Firefox from my Android phone. Cheers, Brent.

more options

Thank you for your feedback.