I want to start using the 'Master Password' feature. There are a couple of hundred 'stored' passwords in the Options-Security-Saved Passwords tab so I'm wondering if it would be best to delete ALL of these before setting up a Master Password. I will be changing and deleting several of the 'stored' passwords anyway. But my main question is whether or not the 'Master Password' would encrypt All of the existing 'stored' passwords and what if they have already been comprised by surfing anyway??
Solved! Go to Solution.
No need to delete that.
Master passwords are used to protect the saved passwords.
Know more about Master Passwords
What if the existing 'Stored' list has already been comprised by surfing or some other invasion??
Question is, are 'new' user names and passwords protected better when they are 'entered' and 'saved' by firefox after you have a 'Master Password' enabled??
I guess I don't understand how the M/P protects the 'saved list'.
I'm thinking it has to be best to build a 'new' list after the M/P is created. Probably should change all the old passwords anyway. "Just because you're paranoid doesn't mean they aren't after you" Joseph Heller.
The names and passwords are encrypted with a Triple DES key that is stored in key3.db and the master password adds an additional level to that encryption.
If you do not use a master password then having access to key3.db and signons.sqlite is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.
Always use a strong master password (e.g at least 12 characters) that can't be easily guessed or found via a dictionary look up or a script and you should be safe.
Make sure that you remember that master password or else all your passwords are lost.
You always need the matching file key3.db that was used to create a signons.sqlite file to make it possible to decrypt signons.sqlite.
While this does not answer my 'simple' question, it is, nonetheless, a very technical answer about the purpose of using a 'master'.
The 'simple' question was "are new user names and passwords protected better when they are 'entered' and 'saved' by firefox after you have a 'Master Password' enabled??
I am going to assume that there is 'technically' no advantage, but it might be a good time to 'remove' all existing 'stored' p/w and start new with creating a M/P and re-entering or better yet changing the old passwords and letting them be saved anew. I 'screen-printed' the existing Stored passwords and copied to a word doc, plus I turned the doc landscape, R-clicked the image of each page and increased the 'size' to 100% (in my case) so I could read the copied user name / password list (each screen-print image would fill one page in the word doc). I guess I will have to tell it to NOT save the old p/w and wait until I Change it to actually 'save' it. Good luck. Maybe I'm just insane, but remember - "Just because you're paranoid doesn't mean they aren't after you" Joseph Heller.