Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Ova tema je arhivirana. Pitajte drugo pitanje ako vam je potrebna pomoć.

Firefox Lockwise generates twice the same password

  • 3 odgovori
  • 1 ima ovaj problem
  • 7 views
  • Posljednji odgovor poslao cor-el

Guillaume
Guillaume
more options

I do not know what is the procedure Lockwise uses for generating passwords, but I find quite odd that, coming twice on the same website, the password generator suggests me two identical "random" passwords.

Concretely, I have two Twitter accounts (with both my pair of login/password saved in Lockwise), and I decided to change those passwords with more robust randomly generated passwords. When I change the password of my first account, I ask for a random password ; I repeat the process with my second account, and get proposed the very *same* password. I precise that I observed this on other websites than Twitter.

I feel like this should not happen, and seems a huge security breach. Could it be that the seed used by the generator relies only on the website name...?

I do not know what is the procedure Lockwise uses for generating passwords, but I find quite odd that, coming twice on the same website, the password generator suggests me two identical "random" passwords. Concretely, I have two Twitter accounts (with both my pair of login/password saved in Lockwise), and I decided to change those passwords with more robust randomly generated passwords. When I change the password of my first account, I ask for a random password ; I repeat the process with my second account, and get proposed the very *same* password. I precise that I observed this on other websites than Twitter. I feel like this should not happen, and seems a huge security breach. Could it be that the seed used by the generator relies only on the website name...?

All Replies (3)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

This is probably about showing suggestions for entering the password and not about actually generating a password.

Did Firefox display a key symbol and a username as suggestion in the drop-down list ?

I think that you can only generate a password for a new login and not replace an existing password with a generated password (i.e. you need to remove this login and let Firefox generate a new login for this username).

Guillaume
Guillaume Vlasnik pitanja
more options

I know the difference between a password generation and a password suggestion.

I am talking about password generation, which is suggested for the "new password field", displayed in clear within the box "Use a password generated securely / Firefox will remember the password of this website", which you can also have by doing Right-Click > Use a generated password.

You can replace an existing password with a generated one, it usually works very well. For most websites in the "new password field" a random password will be proposed ; for other websites it is not well detected, but you can still ask for a generated password with the Right-Click menu.

To answer your question, in the drop-down list Firefox suggests my two usernames (as expected) and a newly generated password (all of them with a key). See the attached picture.

Problem is, when doing the operation twice within a few minutes, the password is the same.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

That third entry looks for me like a suggestion of a password that Firefox has generated and remembered before and not a newly generated password, but I do not have any experience with generating passwords.