Using a master password with Sync
- Revision id: 139798
- Creator: Joni
- Comment: added note per bug 1311131
- Reviewed: Yes
- Reviewed by: jsavage
- Is approved? Yes
- Is current revision? Yes
- Ready for localization: Yes
- Readied for localization:
- Readied for localization by: jsavage
Firefox has the option of using a "master password" to protect all your saved passwords. When a master password is enabled, your saved passwords are encrypted and can not be accessed without entering the master password. See Use a Master Password to protect stored logins and passwords for more information.
How does my master password work with Sync?
When using Sync, your Firefox Accounts login is stored with your saved passwords in the password manager. Your master password must be entered so Sync can access your Firefox Accounts login. Once the master password has been entered, Sync can also access your other saved passwords and sync them between your devices.
How are my passwords kept safe?
When you save website passwords, master password encrypts them before storing them on your computer, then decrypts them when they are handed to Sync after you enter your master password. Sync then takes your decrypted passwords, and re-encrypts them using a different (and better) encryption scheme based on your Firefox Accounts password, before sending the encrypted version online for storage on the Sync servers. The decrypted copies of your password are never transmitted online.
While Sync does encrypt your passwords online and on the Sync servers, it does not make any attempt to encrypt them on the device itself - that is the job of the Master Password. The master password itself is not synced between devices, so you can have a different (or no) master password on other devices.
(Tip: Increase protection by enabling a master password on each device. See Use a Master Password to protect stored logins and passwords and Using Master Password on Firefox for Android.)
Always choose a strong password for your Firefox Account and be careful not to lose it. If you reset your password after forgetting it, you will lose access to your Sync data until you resync your device using the new password.