Avatar for Username

Αναζήτηση στην υποστήριξη

Προσοχή στις απάτες! Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου ή να μοιραστείτε προσωπικά δεδομένα. Αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής «Αναφορά κατάχρησης».

Learn More

Αυτό το νήμα αρχειοθετήθηκε. Παρακαλούμε κάντε νέα ερώτηση αν χρειάζεστε βοήθεια.

Are my password on the local PC not protected?

  • 1 απάντηση
  • 0 έχουν αυτό το πρόβλημα
  • 25 προβολές
  • Τελευταία απάντηση από cor-el

nikitakirenkov
nikitakirenkov
more options

Hi, I've been using Firefox for decades and been saving passwords in it without any second thoughts, thinking they were fully secure.

Today I had to install a Yandex Browser for my work for the first time in my life (on a new clean Windows 10). It also asked to "make changes on my device", and I rejected it. What happened next absolutely terrified me. It immediately grabbed all the tabs, the sessions and, most importantly, the years worth of passwords from my Firefox. Does it mean that they just lie there unprotected, and any random piece of code even without the administrative privileges can just take them? I'm pretty sure I didn't click anything related to legitimate data sync.

Hi, I've been using Firefox for decades and been saving passwords in it without any second thoughts, thinking they were fully secure. Today I had to install a Yandex Browser for my work for the first time in my life (on a new clean Windows 10). It also asked to "make changes on my device", and I rejected it. What happened next absolutely terrified me. It immediately grabbed all the tabs, the sessions and, most importantly, the years worth of passwords from my Firefox. Does it mean that they just lie there unprotected, and any random piece of code even without the administrative privileges can just take them? I'm pretty sure I didn't click anything related to legitimate data sync.
Συνημμένα στιγμιότυπα

Τροποποιήθηκε στις από το χρήστη nikitakirenkov

Επιλεγμένη λύση

Are you using the Primary Password to protect the logins with an extra layer of protection? If not then merely having access to logins.json and key4.db (encryption key) is sufficient to decrypt the logins. The logins stored in logins.json are encrypted with a key stored in key4.db, so having access to both files is sufficient to decrypt the logins. The PP encrypts the encryption key stored in key4.db, so you need to enter this PP to be able to unlock the logins.

Ανάγνωση απάντησης σε πλαίσιο 👍 1

Όλες οι απαντήσεις (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Επιλεγμένη λύση

Are you using the Primary Password to protect the logins with an extra layer of protection? If not then merely having access to logins.json and key4.db (encryption key) is sufficient to decrypt the logins. The logins stored in logins.json are encrypted with a key stored in key4.db, so having access to both files is sufficient to decrypt the logins. The PP encrypts the encryption key stored in key4.db, so you need to enter this PP to be able to unlock the logins.