All Products Community Forum

After version 149, I find I am asked to provide the Windows password in order to modify or copy saved passwords (but not fill when visiting a site). I had already set a primary password to secure my saved passwords, so this never should have happened. Turning off this setting also prompts for the Windows password. In v151, I recommend that Firefox allow the primary password to be used instead, for both managing passwords and turning off the "require device sign in" setting.

I can understand trying to force password security and encryption upon users who do not have a primary password set, but that should have been accomplished by prompting the user to set a primary password. Users with primary passwords should have been excepted from the change. "Require device sign in" should never have been an option - local system passwords are not designed for this use, and no consumer-grade app should have access to them.

As a CISSP I never recommend that anyone use browser-based password managers at all, but I do use the Firefox one for some non-critical sites. This discovery has been an annoyance, but worse, it reveals a poor understanding of security on the part of Mozilla.

I keep getting stopped trying to access my paypal account. FF is asking for a pin number. I didn't even know I had one. When I try to change it, it tells me find the sign in options but I can't locate it. Why oh why is this asking me for this verification.

The username for some website might contain sensitive private information like phone number, identity card number, etc. It would be better if the primary password is required before revealing the password manager page.

The question says it all. I have set up a primary password. On my laptop, I am asked to enter it when I look up a password on my password list. When I look up a password on the mobile app, I am not prompted for the primary password. I can reveal or copy any password. It seems like anyone who got access to my phone could get all the passwords.