
Password is exposed in plain text.
Instead of asking Windows for passwords stored on your PC, the password manager immediately gives you passwords. This is a serious security issue and the documentation says it has already been fixed in an earlier version, but it hasn't actually been resolved. Hope you solve the problem soon.
All Replies (14)
How to enable Windows SSO login in Firefox https://support.mozilla.org/en-US/kb/windows-sso
Use a Primary Password to protect stored logins and passwords https://support.mozilla.org/en-US/kb/use-primary-password-protect-stored-logins
Even if I enable SSO login, my password will still be exposed in plain text and Firefox should not expose my password in plain text by default even if I don't enable the default password. But this is actually happening. Need more information?
Link to the article you're talking about?
If you do not use the Primary Password to add an extra encryption layer then your passwords aren't protected and only access to logins.json and key4.db is sufficient to access the passwords.
Note that using Biometrics like Windows Hello/PIN instead of the Primary Password to protect the logins is less secure as it doesn't encrypt the logins stored in logins.json like the Primary Password does and having access to logins.json and key4.db and place them in a Firefox profile is sufficient to inspect the logins. Using Biometrics is merely to make it harder to access/view passwords in Password Manager, but Firefox will still be able to fill a login on a webpage without asking. Note that this is also the case if you unlock the passwords via the Primary Password during a session.
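An audit sketch for the point made in the reply above, added here as an example and not part of the thread or of Firefox's own code: it reports whether a profile directory holds the logins.json and key4.db pair and whether either file is readable by other local accounts. The "logins" array layout, the POSIX permission check and the function names are assumptions; the sample profile is constructed.

```python
import json
import stat
import tempfile
from pathlib import Path

CREDENTIAL_FILES = ("logins.json", "key4.db")  # file names from the reply above


def audit_profile(profile_dir):
    """Report whether a profile holds the file pair that the reply says is
    sufficient to read saved logins when no Primary Password is set."""
    profile = Path(profile_dir)
    report = {"stored_logins": 0, "pair_present": False, "loose_permissions": []}
    present = [profile / n for n in CREDENTIAL_FILES if (profile / n).is_file()]
    report["pair_present"] = len(present) == len(CREDENTIAL_FILES)

    logins = profile / "logins.json"
    if logins.is_file():
        try:
            data = json.loads(logins.read_text(encoding="utf-8"))
            # Assumption: saved entries live in a top-level "logins" array.
            entries = data.get("logins", []) if isinstance(data, dict) else []
            report["stored_logins"] = len(entries)
        except (json.JSONDecodeError, UnicodeDecodeError):
            report["stored_logins"] = None  # unreadable or corrupt file

    for path in present:
        # POSIX mode bits only; on Windows, review the file ACLs instead.
        if stat.S_IMODE(path.stat().st_mode) & 0o077:
            report["loose_permissions"].append(path.name)
    return report


def demo():
    """Build a constructed profile in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp)
        sample = {"logins": [{"hostname": "https://example.test",
                              "encryptedPassword": "CONSTRUCTED"}]}
        (profile / "logins.json").write_text(json.dumps(sample), encoding="utf-8")
        (profile / "key4.db").write_bytes(b"constructed placeholder")
        (profile / "logins.json").chmod(0o644)  # readable by other users
        (profile / "key4.db").chmod(0o600)      # owner only
        return audit_profile(profile)


if __name__ == "__main__":
    print(demo())
```

A profile that reports `pair_present` with a non-zero `stored_logins` is one where setting a Primary Password and tightening file access matters most.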
According to this document, fingerprint or Windows password authentication should be mandatory after version 76. I'm using the latest version of Firefox and exposing passwords in plaintext is a serious security issue even if I don't use the default password.
Help us help you, OK? Windows SSO aside, are you using a Primary Password? (I don't) Are your passwords being displayed as asterisks in Password Manager? (mine are)
Same as you. Although the Primary Password is not being used and the password is displayed as an asterisk in the password manager, when I click Show Password, the password is exposed in plain text without any security procedure.
Like I wrote above, only the PP can prevent access to the passwords by clicking the eye icon, and even that is only cosmetic, as once the logins are unlocked by entering the PP then accessing the logins (password) is not a real problem as this is merely a restriction built into the code.
That is, when the Windows password is entered, it is judged as an already authenticated user and the password is exposed in plain text without additional authentication? Then, why does the iPhone use Face ID for two-factor authentication? It can be taken as a story that there is a risk that others can steal it. Maybe. Well, I know now I should consider switching to another browser.
From what is happening, you're connecting your Firefox account to your online accounts; that is the reason why those accounts are connected. I think you should not use the Windows SSO as that connects to Microsoft accounts, and that is one reason anyone who has your Windows account access will see anything. I never connect nor use Windows SSO as that is already a security risk to start with. And maybe turning off or disabling that feature is what you need to do here.
Chosen Solution
Firefox does support this Biometrics feature, but it hasn't been enabled.
According to this document, if I am running Firefox 76 or higher and I haven't set a default password, I must ask for a password for my operating system. These documents are not helpful. You're taking the wrong point, and please check the above discussion in advance and answer it.
It clearly says at the top of the article: This feature is disabled for both macOS and Windows, except in Firefox Nightly and for testing.
I was stupid. I understood what you were talking about, and ultimately the problem was solved. Thanks for your help!