On Aug 14th 11 PM ET/Aug 15th 03:00 UTC, due to scheduled Firefox Account server maintenance, users may not be able to sign in or create a new subscription. This is expected to last approximately 30 minutes. Status updates can be found at https://status.vpn.mozilla.org or https://status.relay.firefox.com.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to disable "Show password"

  • 9 replies
  • 1 has this problem
  • 1645 views
  • Last reply by Mike Kaply

more options

I am a manager of a company, and I need to let some of our employees access to our online accounts. However, they can see our username/passwords when they simply look at firefox settings. Master password is obviously not useful. I want to basically disable "show password" tab.

I looked up online all day, including other web browsers, and firefox extensions. I can't seem to find it out.

Can anyone help me with this?

I am a manager of a company, and I need to let some of our employees access to our online accounts. However, they can see our username/passwords when they simply look at firefox settings. Master password is obviously not useful. I want to basically disable "show password" tab. I looked up online all day, including other web browsers, and firefox extensions. I can't seem to find it out. Can anyone help me with this?

Chosen solution

A disable_button pref like pref.privacy.disable_button.view_password only works when you use lockPref() in an autoconfig.cfg file.

  • lockPref("pref.privacy.disable_button.view_passwords", true);

When I checked the PasswordManagerEnabled policy then I noticed it affects signon.rememberSignons as well.

This makes it not easy to use this policy and keep using the Password Manager and Sync (no PP prompt at startup), so I'm not sure what use case there is for using this policy. The about:logins page is blocked and auto-fill is disabled, "Fill Login" still works once the PP has been entered.

Read this answer in context 👍 0

All Replies (9)

more options
more options

Of course you should set a Primary Password anyway to encrypt the credentials securely on disk; that is necessary to avoid third party tools extracting your saved logins using the logins.json + key4.db files.

You could look at the DisablePasswordReveal policy:

more options
more options

How can I enter this code to firefox? pref.privacy.disable_button.view_passwords

more options

shippingeasy2 said

How can I enter this code to firefox? pref.privacy.disable_button.view_passwords

That preference does not exist by default in Firefox 86, and I'm not sure it applies to the new Lockwise UI.

A user can create and remove the preference interactively as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box in the page, type or paste pref.privacy.disable_button.view_passwords and pause while the list is filtered

(3) Firefox should display a row with the choices Boolean Number String and a + button. Keep the selection on Boolean and click the + button to create the new preference.

(4) If needed, double-click the new preference to switch it from false to true. To remove the preference, click the trash can icon at the right end of the row.

Do you notice any effect? Doesn't work for me.

more options

Chosen Solution

A disable_button pref like pref.privacy.disable_button.view_password only works when you use lockPref() in an autoconfig.cfg file.

  • lockPref("pref.privacy.disable_button.view_passwords", true);

When I checked the PasswordManagerEnabled policy then I noticed it affects signon.rememberSignons as well.

This makes it not easy to use this policy and keep using the Password Manager and Sync (no PP prompt at startup), so I'm not sure what use case there is for using this policy. The about:logins page is blocked and auto-fill is disabled, "Fill Login" still works once the PP has been entered.

more options

Disabling the view passwords button isn't very helpful because you can get there by typing about:logins as well as the "Logins and Passwords" menuitem.

The policy disables the password manager completely because it wouldn't make sense to allow people to save passwords but then not be able to get to about:logins to see/modify those passwords. That's why the policy disables the password manager (which is similar to what happens on other browsers.)

The correct policy here (as was already pointed out) is DisablePasswordReveal

https://github.com/mozilla/policy-templates#disablepasswordreveal

This prevents someone from viewing the passwords on the machine.

And please don't use Autoconfig.

more options

With only password reveal disabled you still have to use the Copy feature that allows to copy the password to the clipboard where you only have to paste it in a text area to have it is readable form.

Wouldn't it be safer to disable this Copy feature as well and only allow "Fill Password" to get the password in a form ?

I noticed an issue with DisablePasswordReveal in combination of using "Create New Login" as this removes the password field leaving only the label, so you can only enter the username and not the password.

Is this a bug or is this intended ?

more options

> With only password reveal disabled you still have to use the Copy feature that allows to copy the password to the clipboard where you only have to paste it in a text area to have it is readable form. > > Wouldn't it be safer to disable this Copy feature as well and only allow "Fill Password" to get the password in a form ?

I copied the Microsoft behavior in this case and it was mainly focused on preventing someone from quickly seeing your passwords. I'll see what they do about copy and if we need a new policy.

> I noticed an issue with DisablePasswordReeal in combination of using "Create New Login" as this removes the password field leaving only the label, so you can only enter the username and not the password.

Definitely sounds like a bug. That's odd though because we're only messing with the little eye symbol.