Windows 10 reached EOS (end of support) on October 14, 2025. For more information, see this article.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Using OS authentication for Credit Cards and Logins

  • No replies
  • 1 has this problem
  • 12 views
Jan
Jan
more options

In an answer to this question: https://support.mozilla.org/en-US/questions/1318109#answer-1376159 cor-el warned that using OS authentication (like TouchID on a Mac with Touchbar) for passwords instead of a Primary Password is actually not really safe because apparently it doesn't encrypt logins in logins.json and it would be possible to extract them by running: prompt("Logins",JSON.stringify(Services.logins.getAllLogins())); Now I am a bit worried and confused because for storing Credit Cards the default is, of course, using OS authentication (I don't think there's an option to set a password instead). Is that safe, i.e., is the credit card information encrypted (even without a Primary Password)?

And if so, would anybody be able to explain the differences between these two approaches and why it's not possible to use OS authentication with logins/passwords in a safe way but it is with Credit Cards?

In an answer to this question: https://support.mozilla.org/en-US/questions/1318109#answer-1376159 cor-el warned that using OS authentication (like TouchID on a Mac with Touchbar) for passwords instead of a Primary Password is actually not really safe because apparently it doesn't encrypt logins in logins.json and it would be possible to extract them by running: prompt("Logins",JSON.stringify(Services.logins.getAllLogins())); Now I am a bit worried and confused because for storing Credit Cards the default is, of course, using OS authentication (I don't think there's an option to set a password instead). Is that safe, i.e., is the credit card information encrypted (even without a Primary Password)? And if so, would anybody be able to explain the differences between these two approaches and why it's not possible to use OS authentication with logins/passwords in a safe way but it is with Credit Cards?