Firefox Lockwise - Alerts for breached websites

Starting in Firefox version 70, Firefox Lockwise will show alerts about potentially vulnerable passwords that were exposed in data breaches. If it’s likely that one of your saved logins was exposed in a known data breach, you’ll see this alert with its associated login. Select Learn more about this breach to read details about the breach on Firefox Monitor.

Alerts for breached websites in Firefox Lockwise

How Firefox notifies about website breaches

Firefox checks the date of a known website breach against the date you saved a password for that website. If the website was breached after you saved your password, you’ll see this alert. The database of breached websites is provided by Have I been Pwned.

In a future release of the browser, Firefox will also check to see if you’ve reused any of these potentially vulnerable passwords with other logins you’ve saved to Lockwise. The browser does this by creating an encrypted list of your breached passwords, then checking it against all your saved passwords. Firefox does not keep logs of your plaintext passwords or know them.

Note: Firefox never sends your logins or passwords to third-party services or servers. It keeps all data regarding logins and breaches anonymous. Read more about the k-Anonymity technique Firefox uses to protect your data.

Turn off website breach alerts in Lockwise

Disabling the feature also prevents Firefox from checking to see if you’ve reused these potentially vulnerable passwords on any of your other saved logins.

  1. Click the menu button New Fx Menu Fx57Menu and select Options.Preferences.
  2. Select the Privacy & Security panel and go to the Logins and Passwords section.
    Fx70settings-LoginsAndPasswords
  3. Deselect the checkbox for Show alerts about passwords for breached websites.
// These fine people helped write this article:AliceWyman, Michele Rodaro, Lamont Gardenhire. You can help too - find out how.

Was this article helpful? Please wait...

Volunteer for Mozilla Support