This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

how much can I trust firefox password manager

  • 3 tontu
  • 2 am na jafe-jafe bii
  • 2 views
  • i mujjee tontu mooy user1257813

more options

How safe is firefox password manager? Can you give us some information on this subject? Mainly focus on: how hard is it to crack the passwords on firefox password manager for a hacker? How are our data stored, i.e. which type of encryption, both in my computer and your Sync server?

How safe is firefox password manager? Can you give us some information on this subject? Mainly focus on: how hard is it to crack the passwords on firefox password manager for a hacker? How are our data stored, i.e. which type of encryption, both in my computer and your Sync server?

Saafara biñ tànn

The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key3.db file. The master password adds an additional level to this encryption. If you do not use a master password then having access to key3.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder. Make sure to use a password that is sufficiently strong, e.g. at least 10 or 12 characters and a mixture of uppercase, lowercase, numbers and symbols that can't be found via a dictionary look up by combining words and you should be safe.

Jàng tontu lii ci fi mu bokk 👍 1

All Replies (3)

more options
more options

Saafara yiñ Tànn

The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key3.db file. The master password adds an additional level to this encryption. If you do not use a master password then having access to key3.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder. Make sure to use a password that is sufficiently strong, e.g. at least 10 or 12 characters and a mixture of uppercase, lowercase, numbers and symbols that can't be found via a dictionary look up by combining words and you should be safe.

more options

Thanks for this valuable information. @cor-el