Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

Showing passwords in saved logins: My concern

  • 14 freagra
  • 2 leis an bhfadhb seo
  • 388 views
  • Freagra is déanaí ó moz2u

more options

I have only just discovered this feature. It is a concern because anyone stealing my computer and knowing or bypassing my login for Windows or Linux can look at the saved logins in the security options page. the can then click on the button and show all my saved passwords. I have removed all the sensitive ones (All my non trivial passwords are unique (about 150 of them)) so I may be reasonably safe but many people using FF may be unaware of this.

It seems to me that it is a rather crucial security oversight. I would think that the ability to show passwords should be disabled by default and, should require a two stage login to enable.

I look forward to your comments.

Tycho

Réiteach roghnaithe

Having chewed over the problem for a bit and read the helpful replies I have decided that I might be showing some level of paranoia.

Ubuntu insists that I sign in before I ever use it so with a good strong password I can be reasonably certain that if someone steals my laptop they won't be able to get at my Paypal account or anything else. I am going to remove all the important passwords anyway.

Thanks for all the suggestions chaps.

Tycho

Read this answer in context 👍 0

All Replies (14)

more options
more options

Not an "oversight", it's been like that for as long as Firefox has existed.

Logon User Account (on Windows) with a good Password and using the Master Password feature in Firefox are steps you can take to protect yourself.

https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

more options

Google Chrome, does, or did have no masterpassword, and argued that a master password did not really increase security. Instead it was the user's responsibility to keep the computer safe. So use passwords for the OS & BIOS.

more options

Thanks all. I have set a Master password in Ubuntu but am interested to note that it has not automatically set one in Windows.

Synch not set, perhaps. I will investigate.

Tycho

more options

Synch is set.

I can't find a Synch Now button. Will I have to set a different master password for Windows or the same one?

What about my Android device?

more options

I assume the Master Password should be the same in both Windows and Linux; not 100% sure though - I have never used a Master Password.

As far as Firefox for Android and Sync, you may have problems with Sync related to the differing Bookmarks Toolbar folders used by "mobile" and "desktop" devices. Many complaints about BTB bookmarks disappearing from "desktop" installations.

The "Sync Now" button was removed in Firefox 47 & later, when to new "Synced Tabs" button was added to Firefox/Sync.

more options

Unfortunately, I learned recently that the Master Password does not sync. Instead, the Sync feature requires you to enter your Master Password a minute or so after you start Firefox so it can sync your passwords, and you need to set a Master Password on all other devices you sync. And obviously choose a difficult-to-guess password for your Firefox Account!

more options

I fear that it all seems rather clumsy.

I have set the master password for Linux as I said but now it requires me to enter it each time I start up Firefox. If it were not for the fact that an intruder can reveal all my passwords I would not bother with it.

I will investigate Chrome as John 99 said above and see if that has better security. If it is not possible in Chrome to reveal all the passwords then that must be better. There are many occasions, in fact most occasions when I don't need to do anything secure. I may be just browsing and in these cases I really don't want to enter a 14 digit password. That is the level of security that I think is necessary. I really don't want people to be able to get at my Paypal password.

Tycho

Athraithe ag Tycho ar

more options

Just tried to show a password in Chrome. It repsonds with:

"Google Chrome is trying to show passwords. Type your Windows password to allow this."

This is quite a lot better as long as the Windows password is strong. I will now try the same thing in Ubuntu and report back.

T

more options

Tycho said

There are many occasions, in fact most occasions when I don't need to do anything secure. I may be just browsing and in these cases I really don't want to enter a 14 digit password.

If Firefox requests your master password when you aren't trying to sign into a site, most likely it is to enable background Sync'ing or other services linked to your Firefox Account. If you have no relevant changes to Sync, you can cancel the prompt.

more options

Tycho said

Just tried to show a password in Chrome. It repsonds with: "Google Chrome is trying to show passwords. Type your Windows password to allow this." This is quite a lot better as long as the Windows password is strong. I will now try the same thing in Ubuntu and report back. T

In Ubuntu Chrome is much the same as Firefox. The paswords all show at the click of a button.

more options

jscher2000 said

Tycho said
There are many occasions, in fact most occasions when I don't need to do anything secure. I may be just browsing and in these cases I really don't want to enter a 14 digit password.

If Firefox requests your master password when you aren't trying to sign into a site, most likely it is to enable background Sync'ing or other services linked to your Firefox Account. If you have no relevant changes to Sync, you can cancel the prompt.

That's a useful answer. Thanks.

more options

Réiteach Roghnaithe

Having chewed over the problem for a bit and read the helpful replies I have decided that I might be showing some level of paranoia.

Ubuntu insists that I sign in before I ever use it so with a good strong password I can be reasonably certain that if someone steals my laptop they won't be able to get at my Paypal account or anything else. I am going to remove all the important passwords anyway.

Thanks for all the suggestions chaps.

Tycho

more options

Firefox on one hand seems well designed but then they do something like this: This is about the most dimly thought out design parameter I've ever encountered. You are most assuredly not being paranoid. Being able to see all your passwords is insane. A master password? Are they nuts? So if someone got your master password it would be game over. Unbelievable. Maybe techies just have zero common sense. It appears so. Why make them visible? If you're unsure of one just delete it and redo it. Takes seconds. To offer a little convenience whilst compromising so much security (because the vast majority of busy, harried and clueless Firefox users don't have a clue about this) is thoughtless, irresponsible and utterly devoid of reason. Welcome to Tech: Where common sense and logic are flushed away with vigor. Probably the same brainiacs that didn't sort bookmarks alphabetically by default.

Even if you take care and store an important password with Firefox there's always a chance you'll make a mistake. The answer, like so many things in Tech, is to search for a specific program that stores passwords and does it sensibly, logically and responsibly. Or....the absolutely opposite of this.

Athraithe ag moz2u ar