Today, after browsing about whether or not I should continue using Firefox as my password manager, I decided to mitigate the most important security flaw in browser based… (read more)
Today, after browsing about whether or not I should continue using Firefox as my password manager, I decided to mitigate the most important security flaw in browser based password managers, by setting up a Primary Password. I choose to use an easy to remember 8 word long passphrase as my Primary Password. I noted down the passphrase in my diary. Due to problem while loading YouTube, I decided to restart Firefox by going to about:profiles and selecting "restart normally". This issue where Firefox starts to struggle connecting to internet is a relatively common occurrence on my Firefox install, and restarting Firefox fixes the issue. When Firefox restarted, I was prompted to enter the primary password. I confidently entered my passphrase, but it was rejected. I tried to typing to it more carefully several times. I got my diary and checked it to make sure I was entering the passphrase correctly. Following troubleshooting steps on a similar thread, I restarted firefox, no luck. I than rebooted my computer, issue persisted. I decided to restart Firefox with extensions disabled, and also in troubleshooting mode. Firefox still rejects my passphrase. I have my Firefox account synchronized with two Android phones. Will reinstalling Firefox and syncing with my Firefox account solve the problem? In a similar troubleshooting thread, renaming key4.db and logins.json is suggested. However, it has not been explained very clearly. My logins.json file was modified an hour before disaster, even though I had made no changes to any of my logins or the master password. Is my logins.json corrupted causing the issue? I will like to point out a design flaw in Firefox which might have caused the issue. I usually want to see what I am typing when I am entering an encryption password. This is to make sure that I don't mistype something. However, in Firefox Primary Password configuration window, there is not option to see what you are typing. Firefox relies on low probability of typing the wrong password twice. I don't think devs should be so worried about shoulder attacks to not even allow users option to view what they typing. My case might be that low probability situation where I made the same mistake while typing the passphrase twice.