Fingerprint or PIN security of stored passwords
Before upgrading from version 68, as instructed I first removed the master/primary password I'd been using for years. I had thought this was going to be replaced with the phones own biometric fingerprint check.
Now if I open the list of stored passwords via settings option, that is actually the case. But in normal use, when going to a website with a login page, the stored password is just being auto filled in without any kind of security check being asked for. Is that how it's intended to work? If so, in my view it's not very secure at all.
(Yes, I've posted this question once already, but had absolutely no replies. Could some mozzilian PLEASE break off from making all those improvements you keep promising, just to say yes, that's how it's meant to be, we think it's safe, or no, something's not right there. Thanks.)
All Replies (3)
Hi Dave
This is something that we looking at including in a future update. You can follow progress on this work at: https://github.com/mozilla-mobile/fenix/issues/14428
Thank you for that link.
I now understand this is the intended behaviour, not a bug. The reasoning behind this seems to be, if you’ve unlocked a phone (assuming you’ve got a PIN set, or using a fingerprint sensor) you have already authenticated usage of… well everything really. Email, Google Drive, Photos…
Banking?
No, your banking app asks for additional authentication when you launch the app, and quite right too.
Actually, thinking about it so does the app I use to top-up my PAYG. (I did wonder why, as there’s no way to extract money from it, only add to it.)
And Google Play when purchasing an app?
I guess the common thing here is these all involve money.
But what about my Doctors surgery, my medical notes? My Amazon account? My domain registrar?
Surely they’re all equally sensitive? Don’t they deserve the same consideration?
I came across these links which nicely sum up the real problem… https://github.com/mozilla-mobile/fenix/issues/14501#issuecomment-727872443 https://github.com/mozilla-mobile/fenix/issues/14501#issuecomment-685006415
I guess what I’m saying is
a) I need rapid access to the phone itself, e.g to make a phone call (rare, but it does happen). PIN or better still fingerprint check is fine here.
b) I do something like view Google Photos, or scroll through years worth of email. I’ve never thought about this before… there's nothing terribly embarrassing or private, but maybe there ought to be some kind of check? It’d be really inconvenient though, and anyway that’s down to Google. Let’s gloss over this. Forget I mentioned it.
c) I visit a secure website, e.g. my Doctor or Pharmacist to order medication. I don’t care how inconvenient, I expect an authentication check before proceeding. A PIN or fingerprint is BARELY adequate here, but better than nothing.
You know what would be better...
A Primary Password. Or a Gateway password? The Super password? The password to end all passwords, password? Call it whatever you like, you know the password I mean.
(And even if you tell me this breaks the sync between devices (at least for passwords), I’d still want one.)
But something. Anything. And sometime soon please?
Because right now it feels like I’m walking around with a piece of paper in my pocket, with all my passwords written down in plaintext.
Thank you for that link.
I now understand this is the intended behaviour, not a bug. The reasoning behind this seems to be, if you’ve unlocked a phone (assuming you’ve got a PIN set, or using a fingerprint sensor) you've already authenticated usage of… well everything really. Email, Google Drive, Photos…
Banking?
No, your banking app asks for additional authentication when you launch the app, and quite right too.
Actually, thinking about it so does the app I use to top-up my PAYG. (I did wonder why, as there’s no way to extract money from it, only add to it.)
And Google Play when purchasing an app?
I guess the common thing here is these all involve money.
But what about my Doctors surgery, my medical notes? My Amazon account? My domain registrar?
Surely they’re all equally sensitive? Don’t they deserve the same consideration?
I came across these links which nicely sum up the real problem… https://github.com/mozilla-mobile/fenix/issues/14501#issuecomment-727872443 https://github.com/mozilla-mobile/fenix/issues/14501#issuecomment-685006415
I guess what I’m saying is
a) I need rapid access to the phone itself, e.g to make a phone call (rare, but it does happen). PIN or better still fingerprint check is fine here.
b) I do something like view Google Photos, or scroll through years worth of email. I’ve never thought about this before… there’s nothing terribly embarrassing or private, but maybe there ought to be some kind of check? It’d be really inconvenient though, and anyway that’s down to Google. Let’s gloss over this. Forget I mentioned it.
c) I visit a secure website, e.g. my Doctor or Pharmacist to order medication. I don’t care how inconvenient, I expect an authentication check before proceeding. A PIN or fingerprint is BARELY adequate here, but better than nothing.
You know what would be better...
A Primary Password. Or a Gateway password? The Super password? The password to end all passwords, password? Call it whatever you like, you know the password I mean.
(And even if you tell me this breaks the sync between devices, at least for passwords, I’d still want one.)
But something. Anything. And sometime soon please?
Because right now it feels like I’m walking around with a piece of paper in my pocket, with all my passwords written down in plaintext.