X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Should I first delete all saved passwords before assigning master password firefox 21

Posted

I want to start using the 'Master Password' feature. There are a couple of hundred 'stored' passwords in the Options-Security-Saved Passwords tab so I'm wondering if it would be best to delete ALL of these before setting up a Master Password. I will be changing and deleting several of the 'stored' passwords anyway. But my main question is whether or not the 'Master Password' would encrypt All of the existing 'stored' passwords and what if they have already been comprised by surfing anyway??

Chosen solution

Al current passwords will be encrypted with the Master Password if you set one and that includes passwords that you already have saved. So there is no need to delete the current passwords.

Read this answer in context 16

Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.7 r700
  • Google Update
  • Google Talk Plugin Video Accelerator version:0.1.44.28
  • Version 3.19.1.13088
  • GEPlugin
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.02
  • 5.1.20125.0
  • NPWLPG
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0

More Information

iamjayakumars
  • Top 10 Contributor
416 solutions 4930 answers

Helpful Reply

No need to delete that.

Master passwords are used to protect the saved passwords.

Know more about Master Passwords

Question owner

What if the existing 'Stored' list has already been comprised by surfing or some other invasion??

Question is, are 'new' user names and passwords protected better when they are 'entered' and 'saved' by firefox after you have a 'Master Password' enabled??

I guess I don't understand how the M/P protects the 'saved list'.

I'm thinking it has to be best to build a 'new' list after the M/P is created. Probably should change all the old passwords anyway. "Just because you're paranoid doesn't mean they aren't after you" Joseph Heller.

cor-el
  • Top 10 Contributor
  • Moderator
10761 solutions 96850 answers

The names and passwords are encrypted with a Triple DES key that is stored in key3.db and the master password adds an additional level to that encryption.
If you do not use a master password then having access to key3.db and signons.sqlite is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.
Always use a strong master password (e.g at least 12 characters) that can't be easily guessed or found via a dictionary look up or a script and you should be safe.
Make sure that you remember that master password or else all your passwords are lost.
You always need the matching file key3.db that was used to create a signons.sqlite file to make it possible to decrypt signons.sqlite.

Question owner

While this does not answer my 'simple' question, it is, nonetheless, a very technical answer about the purpose of using a 'master'.

The 'simple' question was "are new user names and passwords protected better when they are 'entered' and 'saved' by firefox after you have a 'Master Password' enabled??

I am going to assume that there is 'technically' no advantage, but it might be a good time to 'remove' all existing 'stored' p/w and start new with creating a M/P and re-entering or better yet changing the old passwords and letting them be saved anew. I 'screen-printed' the existing Stored passwords and copied to a word doc, plus I turned the doc landscape, R-clicked the image of each page and increased the 'size' to 100% (in my case) so I could read the copied user name / password list (each screen-print image would fill one page in the word doc). I guess I will have to tell it to NOT save the old p/w and wait until I Change it to actually 'save' it. Good luck. Maybe I'm just insane, but remember - "Just because you're paranoid doesn't mean they aren't after you" Joseph Heller.

cor-el
  • Top 10 Contributor
  • Moderator
10761 solutions 96850 answers

Chosen Solution

Al current passwords will be encrypted with the Master Password if you set one and that includes passwords that you already have saved. So there is no need to delete the current passwords.