Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Preventing access to about: pages, specifically about:logins

  • 9 ŋuɖoɖowo
  • 0 masɔmasɔ sia le wosi
  • 95 views
  • Nuɖoɖo mlɔetɔ cor-el

more options

Hi,

I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to disable (I'd say "hide" is more accurate) the about:logins page on Firefox?

  • pref.privacy.disable_button.view_passwords (with a lock pref) in autoconfig only disables the "View saved logins" button in Settings.

As for policies:

  • a few policies for blocking about: pages do exist - BlockAboutAddons/Config/Profiles/Support, but can't find one, say, "BlockAboutLogins" or something like that.
  • PasswordManagerEnabled set to false disables the password manager completely, including about:logins, password autofill is disabled as well - not what I need.
  • WebsiteFilter, as expected, doesn't treat about: as a protocol, so it can't be done there either.


Any help is appreciated. Thanks in advance!

Hi, I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to disable (I'd say "hide" is more accurate) the about:logins page on Firefox? * pref.privacy.disable_button.view_passwords (with a lock pref) in autoconfig only disables the "View saved logins" button in Settings. As for policies: * a few policies for blocking about: pages do exist - BlockAboutAddons/Config/Profiles/Support, but can't find one, say, "BlockAboutLogins" or something like that. * PasswordManagerEnabled set to false disables the password manager completely, including about:logins, password autofill is disabled as well - not what I need. * WebsiteFilter, as expected, doesn't treat about: as a protocol, so it can't be done there either. Any help is appreciated. Thanks in advance!

slavev16 trɔe

All Replies (9)

more options

See also this thread on the Firefox for Enterprise forum.

Helpful?

more options

Yeah, I've looked at DisablePasswordReveal too, just forgot to mention it. Thing is that it only disables the show/hide button on the password field in about:logins, but the button to copy the password still remains, same for the export logins option.

Helpful?

more options

Setting PasswordManagerEnabled to false disables access to the about:logins page, but doesn't entirely disable the Password Manager. It does disable access to the about:logins page and does disable auto-fill, but it still allows to use the Password Manager via "Use Saved Login/Password" in the context menu assuming you aren't using the PP or unlock the Password Manager otherwise like via the Device Manager (Settings -> Privacy & Security -> Certificates -> Security Devices -> Software Security Device).

See also:

  • /questions/1375357 Could Firefox ask for main password at launching, not tenth seconds after ?

Helpful?

more options

cor-el said

and does disable auto-fill, but it still allows to use the Password Manager via "Use Saved Login/Password" in the context menu

Thank you for your answer, that's an interesting thing which I haven't noticed. So, with the policy set, normal autofill doesn't work, but if you right click and select "use saved login" it does autofill the selected item... Kinda rough, but I'll see if it'll do the job.

Helpful?

more options

> and does disable auto-fill, but it still allows to use the Password Manager via "Use Saved Login/Password" in the context menu

That seems like a bug I should fix...

Helpful?

more options

^: I hope that this won't hide/disable using "Use Saved Login/Password" with signon.rememberSignons = false as I like to use this setting to prevent Firefox from asking to store a new login or update a saved login without the need of an exception (some websites have a habit to modify a password field).

If they use the PP (there are policies for the PP) then others would need to know this PP and know how to login to the SSD to make this work as this might be sufficient is cases where a user wants to block access to about:logins, but still want to be able to enter a saved username and password. Without a PP there is no real protection anyway.

Helpful?

more options

What does PP stand for?

Helpful?

more options

He means Primary Password.

Helpful?

more options

Helpful?

Bia biabia

Ehia be na log in to your account be na ɖo post ŋu. Medekuku start a new question, ne nye be account mele asiwo haɖe o.