Firefox refusing Primary Password
Today, after browsing about whether or not I should continue using Firefox as my password manager, I decided to mitigate the most important security flaw in browser based password managers, by setting up a Primary Password. I choose to use an easy to remember 8 word long passphrase as my Primary Password. I noted down the passphrase in my diary. Due to problem while loading YouTube, I decided to restart Firefox by going to about:profiles and selecting "restart normally". This issue where Firefox starts to struggle connecting to internet is a relatively common occurrence on my Firefox install, and restarting Firefox fixes the issue. When Firefox restarted, I was prompted to enter the primary password. I confidently entered my passphrase, but it was rejected. I tried to typing to it more carefully several times. I got my diary and checked it to make sure I was entering the passphrase correctly. Following troubleshooting steps on a similar thread, I restarted firefox, no luck. I than rebooted my computer, issue persisted. I decided to restart Firefox with extensions disabled, and also in troubleshooting mode. Firefox still rejects my passphrase. I have my Firefox account synchronized with two Android phones. Will reinstalling Firefox and syncing with my Firefox account solve the problem? In a similar troubleshooting thread, renaming key4.db and logins.json is suggested. However, it has not been explained very clearly. My logins.json file was modified an hour before disaster, even though I had made no changes to any of my logins or the master password. Is my logins.json corrupted causing the issue? I will like to point out a design flaw in Firefox which might have caused the issue. I usually want to see what I am typing when I am entering an encryption password. This is to make sure that I don't mistype something. However, in Firefox Primary Password configuration window, there is not option to see what you are typing. Firefox relies on low probability of typing the wrong password twice. I don't think devs should be so worried about shoulder attacks to not even allow users option to view what they typing. My case might be that low probability situation where I made the same mistake while typing the passphrase twice.
Chosen solution
I have fixed the issue. I have a suspicion that somehow my password file was corrupted. I tried entering the password 100s of times, going through all probable mistakes and nothing worked. It is not very probable that I would have made an unlikely mistake twice while typing in the master password. For anyone facing the same issue, here are the steps I followed-
- 1. I created a new windows profile on my computer. I downloaded Firefox on this new Windows account and logged in my Firefox account.
- 2. Than I used this new logged in copy of Firefox to backup my passwords as a csv file. I made sure that the csv file had been exported properly and passwords were there.
- 3. Now I moved back to my original Windows account with botched Firefox running on it. I went to into my sync settings and clicked on "Change" button.
- 4. Now in the "Change" sync settings windows, "Disconnect" button appeared. I clicked on it disconnect to stop my botched Firefox from syncing to rest of logged in devices. This was done to prevent the botched Firefox from syncing and erasing all my passwords from logged in devices.
- 5. Now I followed the instructions on [[Reset your Primary Password if you've forgotten it|https://support.mozilla.org/en-US/kb/reset-your-primary-password-if-youve-forgotten-it]]
- 6. Initially nothing happened. Firefox kept asking for Primary Password even though it had been reset. I went into my "Security and Privacy" settings and clicked on "Change Primary Password". In the Primary Password configuration window, Primary Password appeared as "not set". I simply clicked "OK". This removed the Primary Password.
- 7. As I was warned, all my logins were erased. Now I clicked on the hamburger menu, selected my account and than clicked "log out"
- 8. Now, I selected the hamburger menu again and clicked on "Log In". I entered my Firefox account credentials and voila! My logins were back. I was still logged into all websites I had logged into earlier, that is, log in cookies were not deleted during the process.
Important thing to note that I was logged into another computer while this happened, but that computer has not been online for 12 days. My other Windows profile was also not active as I was using my original. So, my passwords probably came from my phones, but I will recommend backing up and logging in to another computer just in case.
Read this answer in context 👍 1All Replies (6)
Dropa said
First off you should log off all devices and then go back to the original computer that had the data that your using to do the sync and verify the password is working correctly before trying to redo the sync. If you have sync setup Firefox will ask for the Primary login password.
My understanding was that Firefox uses each device as a way to backup passwords. So, there is no "original device" (I do not have access to the original device I started using Firefox on years ago.) So, I was thinking simply uninstalling Firefox and syncing fresh install with my Firefox account should bring my passwords to my computer. Are mobile devices not equivalent to computers when it comes to account backup? Another idea is to download Firefox beta on my Windows device and try to sync with my Firefox account.
Modified
Sync connects to sync servers and not device to device though.
James said
Sync connects to sync servers and not device to device though.
My understanding was that Mozilla sync servers merely act as a relay between logged in devices and do not actually store encrypted passwords.
I have backed up my passwords as a csv file by logging my account into another user profile on my computer.
Firefox won't let me log out of my stuck installation, it asks for primary password for logout. The reason why I want to log out is to make sure resetting my password does not delete my logins across all synced devices.
Chosen Solution
I have fixed the issue. I have a suspicion that somehow my password file was corrupted. I tried entering the password 100s of times, going through all probable mistakes and nothing worked. It is not very probable that I would have made an unlikely mistake twice while typing in the master password. For anyone facing the same issue, here are the steps I followed-
- 1. I created a new windows profile on my computer. I downloaded Firefox on this new Windows account and logged in my Firefox account.
- 2. Than I used this new logged in copy of Firefox to backup my passwords as a csv file. I made sure that the csv file had been exported properly and passwords were there.
- 3. Now I moved back to my original Windows account with botched Firefox running on it. I went to into my sync settings and clicked on "Change" button.
- 4. Now in the "Change" sync settings windows, "Disconnect" button appeared. I clicked on it disconnect to stop my botched Firefox from syncing to rest of logged in devices. This was done to prevent the botched Firefox from syncing and erasing all my passwords from logged in devices.
- 5. Now I followed the instructions on [[Reset your Primary Password if you've forgotten it|https://support.mozilla.org/en-US/kb/reset-your-primary-password-if-youve-forgotten-it]]
- 6. Initially nothing happened. Firefox kept asking for Primary Password even though it had been reset. I went into my "Security and Privacy" settings and clicked on "Change Primary Password". In the Primary Password configuration window, Primary Password appeared as "not set". I simply clicked "OK". This removed the Primary Password.
- 7. As I was warned, all my logins were erased. Now I clicked on the hamburger menu, selected my account and than clicked "log out"
- 8. Now, I selected the hamburger menu again and clicked on "Log In". I entered my Firefox account credentials and voila! My logins were back. I was still logged into all websites I had logged into earlier, that is, log in cookies were not deleted during the process.
Important thing to note that I was logged into another computer while this happened, but that computer has not been online for 12 days. My other Windows profile was also not active as I was using my original. So, my passwords probably came from my phones, but I will recommend backing up and logging in to another computer just in case.
Modified