Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Password is exposed in plain text.

more options

Instead of asking Windows for passwords stored on your PC, the password manager immediately gives you passwords. This is a serious security issue and the documentation says it has already been fixed in an earlier version, but it hasn't actually been resolved. Hope you solve the problem soon.

Instead of asking Windows for passwords stored on your PC, the password manager immediately gives you passwords. This is a serious security issue and the documentation says it has already been fixed in an earlier version, but it hasn't actually been resolved. Hope you solve the problem soon.

Chosen solution

Firefox does support this Biometrics feature, but it hasn't been enabled.

Read this answer in context 👍 0

All Replies (14)

more options

How to enable Windows SSO login in Firefox https://support.mozilla.org/en-US/kb/windows-sso

Use a Primary Password to protect stored logins and passwords https://support.mozilla.org/en-US/kb/use-primary-password-protect-stored-logins

Helpful?

more options

Even if i enable SSO login, my password will still be exposed in plain text and Firefox should not expose my password in plain text by default even if i don't enable the default password. But this is actually happening. Need more information?

Modified by user282809459511541147510546796786228404940

Helpful?

more options

Link to the article your talking about?

Helpful?

more options

If do not use the Primary Password to add an extra encryption layer then your passwords aren't protected and only access to logins.json and key4.db is sufficient to access the passwords.

Note that using Biometrics like Windows Hello/PIN instead of the Primary Password to protect the logins is less secure as it doesn't encrypt the logins stored in logins.json like the Primary Password does and having access to logins.json and key4.db and place them in a Firefox profile is sufficient to inspect the logins. Using Biometrics is merely to make it harder to access/view passwords in Password Manager, but Firefox will still be able to fill a login on a webpage without asking. Note that this is also the case if you unlock the passwords via the Primary Password during a session.

Helpful?

more options

https://mzl.la/3bRpFK9

According to this document, fingerprint or Windows password authentication should be mandatory after version 76. I'm using the latest version of firefox and exposing passwords in plaintext is a serious security issue even if I don't use the default password.

Modified by user282809459511541147510546796786228404940

Helpful?

more options

Help us help you, OK? Windows SSO aside, Are you using a Primary Password? (I don't) Are your passwords being displayed as asterisks in Password Manager? (mine are)

Helpful?

more options

same as you Although the Primary Password is not being used and the password is displayed as an asterisk in the password manager, when i click Show Password, the password is exposed in plain text without any security procedure.

Helpful?

more options

Like I wrote above, only the PP can prevent from accessing the passwords by clicking the eye icon and even that is only cosmetical as once the logins are unlocked by entering the PP then accessing the logins (password) is not a real problem as this is merely a restriction build in the code.

Helpful?

more options

That is, when the Windows password is entered, it is judged as an already authenticated user and the password is exposed in plain text without additional authentication? Then, why does the iPhone use Face ID for two-factor authentication? It can be taken as a story that there is a risk that others can steal it. maybe. well i know now I should consider switching to another browser.

Helpful?

more options

From what is happening your connecting your firefox account to your online accounts that is the reason why those accounts are connected. I think you should not use the Windows SSO as that connects to Microsoft accounts and one reason anyone whom has your Windows account access will see anything. I never connect nor use Windows SSO as that is already a security risk to start with. And maybe turning or disabling that feature is what you need to do here.

Helpful?

more options

Chosen Solution

Firefox does support this Biometrics feature, but it hasn't been enabled.

Helpful?

more options

https://mzl.la/3bRpFK9

According to this document, if i running Firefox 76 or higher and i haven't set a default password, i must ask for a password for my operating system. These documents are not helpful. You’re taking the wrong point, and please check the above discussion in advance and answer it.

Helpful?

more options

It clearly says at the top of the article: This feature is disabled for both macOS and Windows, except in Firefox Nightly and for testing.

Helpful?

more options

I was stupid. I understood what you were talking about, and ultimately the problem was solved. Thanks for your help!

Modified by user282809459511541147510546796786228404940

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.