In an answer to this question: https://support.mozilla.org/en-US/questions/1318109#answer-1376159 cor-el warned that using OS authentication (like TouchID on a Mac with Touchbar) for passwords instead of a Primary Password is actually not really safe because apparently it doesn't encrypt logins in logins.json and it would be possible to extract them by running: prompt("Logins",JSON.stringify(Services.logins.getAllLogins())); Now I am a bit worried and confused because for storing Credit Cards the default is, of course, using OS authentication (I don't think there's an option to set a password instead). Is that safe, i.e., is the credit card information encrypted (even without a Primary Password)? And if so, would anybody be able to explain the differences between these two approaches and why it's not possible to use OS authentication with logins/passwords in a safe way but it is with Credit Cards?