Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Why does Firefox Sync removes data when password was changed?

  • 3 回覆
  • 1 有這個問題
  • 23 次檢視
  • 最近回覆由 Jamie Kitson

more options

Hi,

First of all let me indicate that I appreciate the job you have been doing as Firefox support / development teams.

I've just learned that firefox sync removes the stored data when password was changed right after trying to get help for not-restored settings. I think it is quite common forgetting a password and recovering by mail - reset. I am just so curious about the reason why Firefox Sync removes all data when password was changed.

Hi, First of all let me indicate that I appreciate the job you have been doing as Firefox support / development teams. I've just learned that firefox sync removes the stored data when password was changed right after trying to get help for not-restored settings. I think it is quite common forgetting a password and recovering by mail - reset. I am just so curious about the reason why Firefox Sync removes all data when password was changed.

所有回覆 (3)

more options

hi, this is due to the security-focused design of sync - before it leaves your device, all sync data gets encrypted with a key derived from your password & only this encrypted dump is stored on the sync servers. there is no other way to get to the encrypted data, than knowing your original password (not even for mozilla or other "interested parties"). there should also be a warning about all stored sync data being gone at the beginning of the password changing procedure in firefox accounts.

the very technical details of this process are described at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol

more options

So, in my humble opinion; just decrypt data when user resets his/her passwd and re-encrypt data with the new passwd. OK, I know you'll say it's not possible to decrypt data without the passwd that it was encrypted first but ... don't you think user is still authorized to view or restore them once he/she resets via e-mail? Putting a warning message is not enough. Any personal account is recoverable without data loss in today's world. Even still if it has to be used, then this very important information should be highlighted in bold red letters, warning icons, in a separate step of the wizard. I need to cover a lot of passwords. However I feel like I am speaking against the famous for privacy policy of the firefox that I've been using for a long time with love. Maybe you're right. Maybe browser is on top of other personal accounts like a main gate.

Anyways guys, make it better, ok? Good luck with that.

more options

firefox_user_1665322 said

don't you think user is still authorized to view or restore them once he/she resets via e-mail?

The whole point is that Mozilla can't access your information. Your login details and browsing history would be a goldmine for governments/hackers, this way Mozilla can tell governments where to go because they really can't access it, and likewise they can't access it if someone forgets their password. If you're not that bothered about security then just choose a really weak, easy to remember password.