This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Èròjà atẹ̀lélànà yii ni a ti fi pamọ́ fọ́jọ́ pípẹ́. Jọ̀wọ́ béèrè ìbéèrè titun bí o bá nílò ìrànwọ́.

Use of Primary Password has been changed!

more options

Primary Password is suppose to be prompted "once for each Firefox session, when Firefox needs access to your stored passwords."

In the latest 112.0.2 (64-bit) release, this feature no longer works. When I restart a new Firefox session, it immediately accesses webpages and accounts and automatically logs you in, without ever confirming the Primary Password.

Even when FF does ask you for the Primary Password, if you click on x and ignore the request, FF happily goes on and logs in to all secure sites without prompting a password.

This is a serious security problem! If I shutdown a laptop or quit out of Firefox, I don't want someone else to be able to power up the computer, launch the browser and have automatic access to all of my accounts, email, etc.

Thanks for looking into this and fixing it. Keep up the good work.

Primary Password is suppose to be prompted "once for each Firefox session, when Firefox needs access to your stored passwords." In the latest 112.0.2 (64-bit) release, this feature no longer works. When I restart a new Firefox session, it immediately accesses webpages and accounts and automatically logs you in, without ever confirming the Primary Password. Even when FF does ask you for the Primary Password, if you click on x and ignore the request, FF happily goes on and logs in to all secure sites without prompting a password. This is a serious security problem! If I shutdown a laptop or quit out of Firefox, I don't want someone else to be able to power up the computer, launch the browser and have automatic access to all of my accounts, email, etc. Thanks for looking into this and fixing it. Keep up the good work.

All Replies (2)

more options

That would normally only happen if have have chosen that the website remembers you and keep a session cookie, either via an allow cookie exception if you let cookies expire if you close Firefox or possibly via session restore that saves the cookies for open tabs. If you cancel a PP prompt then that would lock the logins automatically and opening about:logins should give you a PP prompt.

more options

lincolnhu said

Even when FF does ask you for the Primary Password, if you click on x and ignore the request, FF happily goes on and logs in to all secure sites without prompting a password.

When you cancel the Primary Password dialog, Firefox should not fill login forms. If you can get into sites without filling a login form after that, it's possible that you already had a live session on the site that you didn't sign out after your previous visit. When Firefox visits a site, it presents any cookies previously set by the site. If one of those cookies has a token that matches up with a live session, the site pops you back into that session. To test the Primary Password more conclusively, sign out of the site, return to the login form, and see whether Firefox will fill the login form without you properly entering your Primary Password.