Firefox may soon ask for the Windows Password to interact with saved passwords
Mozilla plans to introduce a change to the password management system of the organization's Firefox web browser on Windows that improves the security of the data.
Firefox users may save logins using native password management capabilities. Passwords may also be imported from other web browsers installed on the device Firefox is installed or run on, or my syncing data between Firefox instances.
The Firefox password manager, recently relaunched as Firefox Lockwise, will prompt users for the Windows password of the signed-in user account before certain interactions with passwords, e.g. the showing of passwords, is permitted; this will only happen if the Firefox user has not set a master password in the web browser.
Current versions of Firefox may be protected with a master password. Once set, and setup is completely optional, the master password is required to interact with password storage. Starting in Firefox 76, Firefox will protect passwords for accounts without master password. Since the default is off, many Firefox users will benefit from this security precaution.
Google has been using a similar system in its Chrome web browser. Unlike Firefox, Chrome does not support the setting of a master password.
Firefox will show a password or Pin prompt on Windows devices once the change lands. Firefox 76, Nightly, also has it implemented and users who are adventurous may take it for a test drive. Actions such as the request to reveal a password, to copy it, or to edit a password will spawn the prompt.
Note that this happens each time a request is made currently; it is unclear if Mozilla plans to implement a system that would request the password only once per session or once every y minutes to avoid user annoyance. Firefox will request the master password only once during a session and that system might be preferable to users who interact with passwords regularly.
You can follow the bug on Mozilla's bug tracking website. Firefox 76 is scheduled for a May 5, 2020 release.
Now You: do you use the built-in password manager of your browser or an external application/extension? (via Techdows)
Advertisement
Previous Post: « PayPal acquires maker of shopping extension Honey for $4 Billion
Next Post: Ghostery Midnight review and giveaway »
I’m a Chromium user and I’ve disabled browser password saving. Afaik each and every Windows version has been cracked with ease.
I’m not that familiar with Firefox, but a compartmentalized version appears to be more secure.
Unless using cloud synchronization, whichever browser. I prefer writing mine on a Post-it.
Time to set a FF master password I think. Not sure I want Firefox or any installed 3rd party app requesting my windows user account password.
I agree with Trey. It makes little sense, even in the name of increased security, to exposed another key password [window’s logon] in any other context.
This will be great, as I use Firefox and Lockwise at work.
I used to use both the Firefox password manager, and the one built-in to the Mac (called Keychain). However there are so many malicious cracks floating around online that finally I decided to create a simple encrypted method of my own (not a real program) for storing passwords. My theory is that it’s so unique and obscure that nobody is going to attempt a breach.
Also, for convenience, I’ve consciously set about memorizing as many of my main passphrases as possible. (This is possible because they’re composed of word snippets and numbers that are only meaningful to me.) This way I can (1) exercise my memory, and (2) still have my encrypted thingie to fall back on if I forget one of them.
So far it has worked great, less hassle than it sounds like.