I am very surprised and somewhat disappointed that the Password manager protection does not sync across devices.
I refer to thread:"Firefox Primary Password is different … (read more)
I am very surprised and somewhat disappointed that the Password manager protection does not sync across devices.
I refer to thread:"Firefox Primary Password is different on my 2 PC's" in the archived Q&A section.
I love the Password manager and this is my main source to keep track of the 1000's of passwords we have to have to operate nowadays and they are easily accessible. It was always my issue that I felt they were very vulnerable as I had not turned on the Password protection due to bad past experience with not properly understanding the feature at first and being locked out of all my passwords or so it felt. I have now re-established this option and feel more secure(maybe foolishly).
But, I believe there is a serious security flaw in Mozilla. I can understand that you offer the option to have different password on a per device basis. However I feel the implementation of this is very dangerous and can inadvertently expose all my passwords without my consent.
When I opened my new computer, I did set-up Firefox as my primary browser and enabled Syncing data. I made the foolish assumption that Syncing my password would offer me the same protection as the one I have on my main PC. I was surprised not to be asked for my main password when opening the browser nor do I recall been asked to set-up one new one for the new machine.
If my profile says that I want my passwords to be protected, I would at minima force the same default on any new browser install and require either authorization and / or verification from the original or another previously registered device before sharing the passwords. Passwords should be protected by default as defined i my profile. Otherwise, if my Firefox account is compromised, I will automatically expose all my passwords to anyone.
I do not recall, because I do not install Firefox everyday, but on my Android device, I was not asked whether I wanted to protect my passwords or not. They were by default or so it felt. Yes, they do not use my main password, they rely on my bio-metric info. So, there is a basic layer of protection. Why not in Windows?
Your thoughts?