為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

is firefox sync safe

  • 7 回覆
  • 1 有這個問題
  • 2 次檢視
  • 最近回覆由 OJNSim

more options

Hi I thought about starting to use firefox sync for my bookmarks. I noticed that is also sync login details, and I don't understand how this can be safe.

Assuming the data is stored encrypted, how this can be decrypted on the other machine?

tx

Hi I thought about starting to use firefox sync for my bookmarks. I noticed that is also sync login details, and I don't understand how this can be safe. Assuming the data is stored encrypted, how this can be decrypted on the other machine? tx

所有回覆 (7)

more options

The Sync service uses a sync key to encrypt data locally before uploading. This Sync key is generated internally from the password of your Firefox account, so you do not need to worry about it. Without the correct password it isn't possible to decrypt the data stored on the Sync server because the correct Sync key can't be generated. The Sync key changes when you change the password of the Firefox account and you lose all data stored on the Sync server when you change the password of the Sync account. Other connected devices use the same name and password to log in to the Firefox Sync account, so they can decrypt data downloaded from the server locally. As long as you choose a strong password and you keep it to yourself then your data is safe.

See also:

more options

so anytime the same user and pass are supplied the same sync key will be generated. isnt it?

more options

Yes. If you would change the password of the Sync account or request a new password because you do not remember it then all data stored on the Sync servers is deleted because it can't be decrypted anymore and personal data stored on the Sync server is lost. You need to change the password on all connected devices and once again do an initial sync.

more options

So if I understand correctly, the process goes like that: 1. when syncing the login details it is encrypted locally using the sync user and password. 2. encrypted data is stored on Mozilla servers 3. when a new machine is being synced, the encrypted data is sent to that machine, and is being decrypted locally again.

Am I right?

more options

The email address and password of the Firefox account is used to login to the Sync server. This same password is also used locally to encrypt your data before it is send to the Sync server. Other connected devices can retrieve this encrypted data and since they use the same email and password they use that password to decrypt this data locally. So only encrypted data travels between a connected device and the sync server.

more options

Thanks. Now it is a bit more clear. two more questions please: 1. How does Master password fits into this model? 2. I never used this sync feature before, but now I read that in the past Mozila used a different mechanism, that allegedly was more secure. I'm interested how was it more secure? and if so, why did Mozila dropped that?

thanks