X
Tap here to go to the mobile version of the site.

منتدى الدعم

Sign-in security flaw (no password required)

Posted

Astonishingly, Firefox Accounts, and everything behind them, do not require any password for sign-in/log-in. That is, I created a PW and logged in once. But no matter how many times I sign out, Mozilla's systems lets me back in with just a user name and no PW required. This utter failure at basic security is quite disturbing.

Astonishingly, Firefox Accounts, and everything behind them, do not require any password for sign-in/log-in. That is, I created a PW and logged in once. But no matter how many times I sign out, Mozilla's systems lets me back in with just a user name and no PW required. This utter failure at basic security is quite disturbing.
Quote
jscher2000
  • Top 10 Contributor
8962 solutions 73440 answers

Hi beskeptical, please ignore the spam message promoting an unofficial phone number.

Firefox usually saves your Firefox Account login. If you want to disconnect your Firefox Account between uses, you can use the menu for that.

Please note that locally saved logins are readily accessible when you start Firefox unless you set a Master Password. More info in this article:

Use a Master Password to protect stored logins and passwords

Hi beskeptical, please ignore the spam message promoting an unofficial phone number. Firefox usually saves your Firefox Account login. If you want to disconnect your Firefox Account between uses, you can use the menu for that. Please note that locally saved logins are readily accessible when you start Firefox unless you set a Master Password. More info in this article: [[Use a Master Password to protect stored logins and passwords]]
هل وجدت هذا مفيدًا؟ 0
Quote

صاحب السؤال

Hi @jscher2000:

Can you explain what you mean by "use the menu" to to disconnect? There is a drop-down menu in the upper right corner which includes an option for "sign-out." A normal user experience, and the the reasonable expectation, is that selecting this option would do what it says: sign-out. However, it does not, as a practical matter, because signing back in does not require re-enty of a password. This makes Firefox, a supposedly privacy oriented and security conscious group, different from every other website I've ever encountered. Thank you.

Hi @jscher2000: Can you explain what you mean by "use the menu" to to disconnect? There is a drop-down menu in the upper right corner which includes an option for "sign-out." A normal user experience, and the the reasonable expectation, is that selecting this option would do what it says: sign-out. However, it does not, as a practical matter, because signing back in does not require re-enty of a password. This makes Firefox, a supposedly privacy oriented and security conscious group, different from every other website I've ever encountered. Thank you.
هل وجدت هذا مفيدًا؟
Quote

صاحب السؤال

Hi following up. This remains an unresolved security flaw -- unless anyone knows a workaround. Thanks.

Hi following up. This remains an unresolved security flaw -- unless anyone knows a workaround. Thanks.
هل وجدت هذا مفيدًا؟
Quote
jscher2000
  • Top 10 Contributor
8962 solutions 73440 answers

Did you apply a Master Password? If so, the saved login for your Firefox Account won't be used until you enter it.

Did you apply a Master Password? If so, the saved login for your Firefox Account won't be used until you enter it.
هل وجدت هذا مفيدًا؟
Quote
اطرح سؤالا

عليك الولوج إلى حسابك للردّ على المشاركات. من فضلك اطرح سؤالًا جديدًا لو لم يكن لديك حساب بعد.