Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

What is the point of having primary password since I see It doesnt change password hasjes in login.json?

  • 1 பதிலளி
  • 0 இந்த பிரச்னைகள் உள்ளது
  • 20 views
  • Last reply by Dropa

ardabro
ardabro
more options

One of the help page say: Firefox Desktop encrypts your passwords locally in your user profile directory using a logins.json file. Firefox Desktop uses simple cryptography to obscure your passwords. Mozilla doesn’t have the ability to see passwords, but Firefox Desktop does decrypt the password locally so that it can enter them into form fields.

My understanding is that my local installation uses some auto-generated key to hash my passwords in logins.json. So I established my primary password hoping that all passwords in logins.json will be re-hashed with my new password. But surprisingly ll hashes remain the same. So, where is the security?

One of the help page say: ''Firefox Desktop encrypts your passwords locally in your user profile directory using a logins.json file. Firefox Desktop uses simple cryptography to obscure your passwords. Mozilla doesn’t have the ability to see passwords, but Firefox Desktop does decrypt the password locally so that it can enter them into form fields. '' My understanding is that my local installation uses some auto-generated key to hash my passwords in logins.json. So I established my primary password hoping that all passwords in logins.json will be re-hashed with my new password. But surprisingly ll hashes remain the same. So, where is the security?

All Replies (1)

Dropa
Dropa
more options

You can only see the password in the Browser manager and if you want to protect them then you should password protect your system first that will block prying eyes from looking where they shouldn't. One security is only good as the person whom password protects their system. Don't expect the Browser to be the endall of protection.