My computer has been hacked and now I have chrome://weave in my passwords
I was using an unprotected wifi for about 3 days and now I have unknown programs running and sometimes commond prompt boxes suddenly poping up and dissapearing. I'm nolonger using the computer and I'm changing all my passwords just in case. (not getting FF to remember them)
But there are unknown usernames and passwords in my synced passwords. https://support.mozilla.org/en-US/questions/930340 Does this mean the hacker has all my FF passwords and can access it anywhere and anytime if I change them is sync? Should I make a new Sync account?
ఎంపిక చేసిన పరిష్కారం
Without a master password set it is quite easy to have access to all stored password, including the password of the sync account and the sync key.
So it is always strongly advised to set a MP, especially if others can have access to the computer(s).
- https://support.mozilla.org/kb/Protecting+stored+passwords+using+a+master+password
- https://support.mozilla.org/kb/protecting-stored-passwords-mobile
ప్రత్యుత్తరాలన్నీ (5)
That are the name and password and sync key that Firefox uses to connect to the sync account, so if you see them in the password manager then that means that you've set up sync successfully.
Sync was formerly named Weave.
You can find the Password of the Sync account and the Sync Key in the password manager on computers where have setup that sync account with a specific e-mail address.
Look for:
- chrome://weave (Mozilla Services Password)
- chrome://weave (Mozilla Services Encryption Passphrase)
So, this is sensitive info, then? If someone pulls this out of my "saved passwords" can they do damage?
If they can log into Sync as me, then I guess they could delete my add-ons, or add bad add-ons, change my settings, etc., right?
So, if you use Sync, you should use a master password, then, right? Or is it not necessary?
For someone to log onto your Sync account, they would need the username and password for your sync account, as well as the randomly generated 128bit key you were given when you created your account. This key is not stored anywhere on Firefox Sync's servers and should be known only to you (provided you didn't store it in a public location).
If you have access to your computer and the data on your Firefox, you can reset the Key and thus delete all the data in Firefox sync. Then you can just sync Firefox again with the new key, and you'll be all set to go. https://support.mozilla.org/en-US/kb/how-do-i-manage-my-firefox-sync-account
Well, actually, I should have phrased that differently. I mean "log in" as in "sync some machine that's not mine". But in any case, do you know if I need to guard those two entries in my password list under tools>>options>>security>>saved passwords with a master password? Or are they useless to anyone else?
Like, say I'm working late, the janitor is really a hacker, he sees me get up to go to the bathroom, and he sits down and goes under T>>O>>S>>SP and gets those two entries. Now can he go put those in his machine at the hackers den, install some bad add-in, sync it to my machine, and do bad things? (for example).
On the whole other side of the coin, say someone posts those keys on the internet, is that dangerous? Most people probably wouldn't know what to do with them if they saw them, and most people are honest, but that's not the point.
Bottom line, do I need a master password, or not? Those are the only two entries in the 'vault'. I sure don't want to have to key in a password every day if those keys are just worthless hashes or something.
thanks for reply
ఎంపిక చేసిన పరిష్కారం
Without a master password set it is quite easy to have access to all stored password, including the password of the sync account and the sync key.
So it is always strongly advised to set a MP, especially if others can have access to the computer(s).