Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Feature Request: Password protect "Logins and Passwords"

  • 3 replies
  • 1 has this problem
  • 2 views
  • Last reply by nik16

more options

First off, I tried to submit this using the "Submit Feedback" feature of the browser, but it's disabled right now, so I can't. Hopefully this works, or someone can tell me another way to request a feature from the developers.

I also know that I can use the Master Password feature to protect my passwords, but that's too extreme for my liking. I'm looking for a middle ground, where I don't have to enter my master password every time I want to use the browser, but I do want to enter it as a requirement for viewing my passwords in plain text.

Master password also seems to be blocking automatic log in on a lot of websites, so it is doubly annoying. :)

I've seen other people mention they would like this as well, so I think it would be a good thing to implement, which really wouldn't be too difficult to do.

First off, I tried to submit this using the "Submit Feedback" feature of the browser, but it's disabled right now, so I can't. Hopefully this works, or someone can tell me another way to request a feature from the developers. I also know that I can use the Master Password feature to protect my passwords, but that's too extreme for my liking. I'm looking for a middle ground, where I don't have to enter my master password every time I want to use the browser, but I do want to enter it as a requirement for viewing my passwords in plain text. Master password also seems to be blocking automatic log in on a lot of websites, so it is doubly annoying. :) I've seen other people mention they would like this as well, so I think it would be a good thing to implement, which really wouldn't be too difficult to do.

All Replies (3)

more options

You dont have to use Master Password. But if you enter once, the passwords and logins will be available through out your session, ie while FF is opened.

And only after you close FF, ie the current session, the Master Password will re-activate again upon opening a new session of FF.

For me, i found the Master PW inconvenient.

more options

Note that the Primary Password encrypts the passwords as stored in logins.json in the Firefox profile folder, so you need to enter this PP to access the passwords and fill them in a sign-in form on a webpage. If you use Sync then you also need to enter the PP to unlock the passwords and allow access the the Firefox Account login credentials. If you do not use the PP then it is always possible to access the password and other applications (browsers) can possibly import Firefox logins. So only the PP can provide real protection of your logins (username and password).

more options

cor-el said

Note that the Primary Password encrypts the passwords as stored in logins.json in the Firefox profile folder, so you need to enter this PP to access the passwords and fill them in a sign-in form on a webpage. If you use Sync then you also need to enter the PP to unlock the passwords and allow access the the Firefox Account login credentials. If you do not use the PP then it is always possible to access the password and other applications (browsers) can possibly import Firefox logins. So only the PP can provide real protection of your logins (username and password).

Thank you for the additional information about how the Primary Password works. From an end user's perspective, it is always a matter of balancing security vs. convenience. Right now, Firefox has 2 options.

No Security: Anyone can easily view all of my passwords in plain text, right in the browser.

High Security: Passwords are encrypted, and every time I want to access any of them, I need to enter PP. This includes saved log-in functionality, which never displays the passwords in plain text.

I would like to see a middle ground, where the passwords are not encrypted, so I can use saved log-in functionality of the browser without PP, but displaying passwords in plain text requires the PP (or perhaps a different password) to be entered.

Yes, I understand that in this way, it is less secure to not have the passwords encrypted, and they can be accessed through the files manually, or via another app, like the "No Security" option. However, it will allow me to retain the convenience of "No Security", along with the "don't display passwords in plain text through the browser" feature of "High Security".