Protection of synced logins when signing in on a new device
I use the Firefox password manager and choose to sync my saved logins between my desktop computer and my phone (running Firefox mobile).
To begin with the obvious: Firefox, by default, does not require you to set up a primary password. Without one, anyone who can get past the lock screen of your desktop can see your saved logins. Furthermore, Firefox mobile does not include the primary password feature. If a user has not set up a lock screen on their mobile device, anyone can see the saved logins.
This caught me by surprise as I recently bought a tablet for home use on which I installed (and synced) Firefox. For convenience, I did not set up a lock screen (I won't keep sensitive data or email accounts on the tablet). Being used to my desktop (which asks for the primary password) and my phone (on which Firefox automatically asks for the fingerprint/pattern already set up on the phone), I didn't stop to think that my saved logins on the tablet did not have equivalent protection. I realise this was naive, but the reason I think it could catch more people out is that almost everyone has a lock screen on their phone, but they don't think about setting up protection of saved logins because Firefox automatically adopts the phone's existing fingerprint/pattern for this function.
I can imagine a similar scenario where a user installs Firefox on a second desktop device and syncs saved logins. Primary passwords are set locally and are not synced between profiles or devices. However, having already set up a primary password on their original desktop computer, the user might not realise that they do not automatically have the same standard of protection on the second desktop.
This can all be deduced from the information already on the help pages; however, perhaps the following could be considered: a message explicitly informing the user when syncing (a) what protection will be used by default (e.g., the system fingerprint/pattern on a mobile device), or (b) that there is currently no system fingerprint/pattern/etc. or primary password set up and that consequently the saved logins have zero protection.