Why is the saved password list not obfuscated or even behind an admin password prompt?

I think it's unacceptable that in 2015 I could still harvest the average user's usernames and passwords by simply asking to use their browser for a few minutes. Edit > Preferences > Saved Passwords... should be behind a password prompt, rather than being accessible by default. Upon clicking this, you are given a list of usernames, passwords, sites the accounts are for, and the dates last used or changed. Upon clicking Show Passwords, the passwords are revealed, as described. This seems like an incredibly exploitable issue. Sure, a user has the option to not save passwords for future use, but the average user neither cares nor understands the issue in detail. Hell, I didn't even know this feature existed, and I've used Firefox since 2.x.x. It is my understanding that Chrome has this under a password lock, and I believe it is imperative that Firefox makes this change.

I've attached a screenshot of this menu, with my data removed.

Modified by sirwheatthins

All Replies (3)

Net dropped out, failed to post image.

Edit: fixed, can't delete this reply.

Modified by sirwheatthins

Chosen Solution

the-edmeister said

https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

Thank you, I was under the impression that master password was a password that is used in place of all other passwords, kind of like using LastPass or something similar. I see that I was mistaken.