Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

master password

  • 19 replies
  • 9 have this problem
  • 341 views
  • Last reply by manooz51

more options

I can't find where master password is configured. I read the instructions in help section but they do not lead to something i could find.

Chosen solution

Hi

This is not a feature in the new Firefox for Android. Instead, we have improved the credential management tool and protected it with your device password.

Read this answer in context 👍 1

All Replies (19)

more options

Helpful?

more options

Chosen Solution

Hi

This is not a feature in the new Firefox for Android. Instead, we have improved the credential management tool and protected it with your device password.

Helpful?

more options

Thank you for your response.

Helpful?

more options

I'm concerned this won't protect passwords as effectively as when an additional master password was required, e.g. if mobile device picked up in casual use. It's more streamlined, sure, but this seems to be at the price of some security.

Helpful?

more options

It wasn't till I came here that I discovered that the latest (awful) update to Firefox for Android (79.0.5 on my device) and Firefox for Android Beta, has abolished Primary (formerly Master) password. But unfortunately you didn't alter the FAQs associated with the upgrade - they all give out of date advice about the Master Password facility relating to an earlier UI. This has been VERY poorly done.

Helpful?

more options

Abolishing master password is a bad idea, really, it was a better way to secure and protect my passwords, you should let the choice to keep it or not.

Helpful?

more options

Hi, What's particularly worrying to me is the fact that (at least) version 79.0.5 allows pre-filling credentials without *any* protection: As soon as you open FF, you can go to any site requiring a login and FF will pre-fill the credentials without any further question. Moreover, as many sites now allow showing the password entered upon request before logging in, intruders don't only get access to the site on the device but can simply note down the credentials for use on any other device. That all, to me, is *EXTREMELY BAD* security design, which I hope will be fixed very quickly.

Helpful?

more options

Seburo said

Hi This is not a feature in the new Firefox for Android. Instead, we have improved the credential management tool and protected it with your device password.

I too am concerned with this latest change! One of the biggest reasons I use Firefox (and recommend/install it on the devices I set up for others) was because it included the option to use a master password to protect login data. Without it, I won't feel safe saving any passwords, on either my mobile device(s), nor my computer(s), which means I will be looking elsewhere for a browser! Yes, you've included a separate app to do this, but according the reviews, it is not even working right, AND, you're expecting users to install yet another app of questionable security to do a job Firefox has always been doing well. Sorry Firefox, but youre not much better than Chrome right now - an app which I detest! Thanks for removing the most useful option your browser offered in order to add crap options that aren't really that important overall.

Opera, Dolphin, here I come.

Helpful?

more options

I am also concerned about the removal of the Primary Password feature on mobile devices. As an IT security professional, I always want the option to use discreet passwords for all of the tools I use to protect my login credentials:

  • My Password Vault
  • My OTP token app
  • My app backups

Heck, even the settings app on my phone is protected with a password. Up til now, I've also kept my FF primary password discreet from all of the others. I also never use the device's own authentication for any of these things - Passphrase or biometric. This way, if someone were to somehow gain physical access to my phone and defeat the device's password, they don't automatically gain access to all of my other credentials. Instead, they have to attack password after password after password.

Now, that said, I can see why many people might like to be able to use their device's authentication in this context: most people don't have the discipline or patience to go through what I do. However, this should be implemented as an OPTIONAL feature for those who want it, while keeping the existing functionality for those of us who DO want it to work this way.

Luckily for me, I was able to roll back to the previous version of Firefox so I can continue to use this functionality. Obviously, this isn't ideal, and at some point I'll need to update in order to get security fixes and other things. I'm not sure how I will proceed at that point, unless this functionality is restored.

Please consider this feedback from a user who's been using Firefox since it was called "Phoenix."

Helpful?

more options

Bitte senden Sie mir eine Nachricht, wenn diese Feature wieder installiert wurde. So lange werde ich einen anderen Browser verwenden!

Helpful?

more options

What more do you need Firefox, what are you thinking? The OPTION for a primary password, discreet within the app, is obvious, fundamental, and simple enough to implement, I do not understand the problem your designers, decision-makers, and programmers could be having. It should be a higher priority than Lockwise or the like integration. Restore it. Please. Simple. Or lose users and reputation.

specifically:

On the Android app: settings>logins and passwords>saved logins

displays all saved logins. When you click one, and then the eye icon, the password is displayed.

Absurd. Saved logins should not display without the option to require a primary (was master) password (the first time, and each time the app is closed).

(And I do NOT mean Lockwise, which is buggily about sharing across devices. Or locking the phone entirely as with fingerprint. I mean an option to set a mater password totally and exclusively within the app. Like there used to be. Like there is in the Windows version.)

Please and thank you.

Helpful?

more options

When it auto updated on my Android all my passwords were wiped, really off to a great start here. Now I have some idea why. Please bring back the master password I want it and I need it, so if some joker gets into my phone at least they won't get my passwords. I've been using FF in one form or another since Netscape. Throwing out my passwords and stopping a useful security feature is a bit much.

Modified by leegold1

Helpful?

more options

No primary password is a horrible choice. Ruins the browser tbh. I can deal with most of the other changes as little as I like them. But no password protection is not an option and the lockwise app is useless.

Helpful?

more options

In my work enviroment i can not reliably use "device biometrics" so i have a simple pin code to log-in quickly for phone and message use. I DEPEND on a strong browser password to protect my sensitive banking and email accounts.

Helpful?

more options

I spent a lot of time trying to find where to enter master password. Now i find it was not me who was stupid, the program is. Sigh, time to close account.

Helpful?

more options

This is NONSENSE! There is NO protection at all on my logins. No master password. No device password.

Helpful?

more options

Definitely week point I juste discovered,.

Dude Dudeson said

I am also concerned about the removal of the Primary Password feature on mobile devices. As an IT security professional, I always want the option to use discreet passwords for all of the tools I use to protect my login credentials:
  • My Password Vault
  • My OTP token app
  • My app backups
Heck, even the settings app on my phone is protected with a password. Up til now, I've also kept my FF primary password discreet from all of the others. I also never use the device's own authentication for any of these things - Passphrase or biometric. This way, if someone were to somehow gain physical access to my phone and defeat the device's password, they don't automatically gain access to all of my other credentials. Instead, they have to attack password after password after password. Now, that said, I can see why many people might like to be able to use their device's authentication in this context: most people don't have the discipline or patience to go through what I do. However, this should be implemented as an OPTIONAL feature for those who want it, while keeping the existing functionality for those of us who DO want it to work this way. Luckily for me, I was able to roll back to the previous version of Firefox so I can continue to use this functionality. Obviously, this isn't ideal, and at some point I'll need to update in order to get security fixes and other things. I'm not sure how I will proceed at that point, unless this functionality is restored. Please consider this feedback from a user who's been using Firefox since it was called "Phoenix."

Hello Dude Can you advise how to reinstall a previousversion of firefox so that master password can still be activated as you suggest? And which version has this option. Thanks very much for any help

Modified by Liberte

Helpful?

more options

Hello FF support, To give up the master password in FF-Android was a strange idea. Imagine, i sit in a street restaurant using my phone. I put it for a second on the table and its for sure still unlocked. Someone grabs it and runs away. So he can use ALL account logins stored in FF!

Please give us back proper protection. With password or fingerprint or both.

Thank you

Helpful?

more options

I fully agree: very bad idea. I was in the process of migrating all my passwords to firefox because I do not like dashlane, and I do not trust chrome for my private life....when I finally understood the disapearance of the master password on android (but not on my computer). You say you chose to protect with the phone pin code. Which could be a good idea as an option. But in fact this is not even exact. When I use firefox, if I want to look at my passwords list, yes, I need to enter my pincode / fingerprint. But if I want to log on a website on which I have an account, then firefox automatically fills the id and password, and never asks for any extra identification. This is not consistent, nor safe. I want autofill, but i want my device to ask me a master password or something! I downloaded wiselock, from which I can chose to automatically log out after 5 minutes (nice, ok, appart from the fact that it logs in with the device pin code) or from which you can crystal clearly log out (not the case for the firefox app: where can I log out? The only obvious way is to stop Sync, but this is supposed to be a completely independent feature). But if wise lock exists, then how does it work along with firefox, when does it hands over? When I am clearly logged out of lockwise, firefox continues to fill passwords without asking for any identification at all. This is not safe, nor clear. Anyway, whether I am logged out from firefox, Sync off, lockwise locked, passwords are automatically filled on websites. Which means that my device, if unlocked (6 poor numbers), is wide open, and I have no choice (appart cutting autofill of, but seriously). This is not serious guys.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.