This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

stored password security in firefox

  • 1 reply
  • 1 has this problem
  • 7 views
  • Last reply by cor-el

more options

I just installed Brave, and clicked on "Import settings & bookmarks", then chose Firefox from a popup list

Without typing my password, or doing anything else, Brave then instantly imported all of the saved passwords that I had stored in Firefox. I can now view all of my most secret saved passwords of Firefox... in Brave

This makes me wonder, if Brave can instantly import (and display in clear text) all of my Firefox saved passwords, couldn't any other rogue app do exactly the same?

Shouldn't they be stored in an encrypted format, at least?

Am I missing something or are the passwords wide open that Firefox saves?

I just installed Brave, and clicked on "Import settings & bookmarks", then chose Firefox from a popup list Without typing my password, or doing anything else, Brave then instantly imported all of the saved passwords that I had stored in Firefox. I can now view all of my most secret saved passwords of Firefox... in Brave This makes me wonder, if Brave can instantly import (and display in clear text) all of my Firefox saved passwords, couldn't any other rogue app do exactly the same? Shouldn't they be stored in an encrypted format, at least? Am I missing something or are the passwords wide open that Firefox saves?

All Replies (1)

more options

Are you using a primary/master password because if you do not use it then it is quite easy to get the logins because the encryption key is stored in key4.db (SQLite database) ?

If you use a Primary Password then you shouldn't be possible.