Your Mozilla account and Firefox Sync allow you to save and sync your logins, as well as let you know if any of your passwords are vulnerable. They both also protect your passwords with encryption so that even Mozilla can’t see them. Meanwhile, Firefox checks your saved websites against a database of breached websites to let you know if your logins are vulnerable. For more information, see Firefox Password Manager - Alerts for breached websites.

Firefox uses the local encryption method for saved logins.

• AES (Advanced Encryption Standard) is faster and much more secure than 3DES.
• This change improves the protection of your passwords locally, on disk.
• Firefox Sync uses end-to-end encryption with AES-256-GCM and is unaffected.

This upgrade happened automatically; your saved logins were re-encrypted in the background when you updated Firefox.

Firefox Sync

If you have a Mozilla account and have enabled the Sync functionality, your login data (usernames, passwords, hostnames) is uploaded encrypted to Mozilla’s Sync servers. This encryption ensures that your data is stored in a way that Mozilla cannot decrypt.

Firefox Desktop

Firefox Desktop encrypts your passwords locally in your user profile directory using a logins.json file. Firefox Desktop uses simple cryptography to obscure your passwords. Mozilla doesn’t have the ability to see passwords, but Firefox Desktop does decrypt the password locally so that it can enter them into form fields.

For the best security, use a Primary Password to encrypt your passwords. To learn more about how Firefox saves and stores your logins and passwords, see these articles:

• Use a Primary Password with Sync
• Where are my logins stored?
• Password Manager - Remember, delete and edit logins and passwords in Firefox