搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Firefox Sync is completely insecure

  • 3 个回答
  • 2 人有此问题
  • 10 次查看
  • 最后回复者为 mr_gou

more options

After my Android mobile phone was stolen, I was stunned when I read this: https://support.mozilla.org/en-US/kb/disable-firefox-sync-lost-phone-or-tablet. It simply is an admission that Firefox sync is completely insecure. Any other similar services allow to dissociate a specific device so that the data cannot be accessed. However, with Firefox, the so-called most secure browser, all passwords can be accessed on a stolen device, even in clear with the password manager extension, and there is nothing you can do about it! That's just incredible!

After my Android mobile phone was stolen, I was stunned when I read this: https://support.mozilla.org/en-US/kb/disable-firefox-sync-lost-phone-or-tablet. It simply is an admission that Firefox sync is completely insecure. Any other similar services allow to dissociate a specific device so that the data cannot be accessed. However, with Firefox, the so-called most secure browser, all passwords can be accessed on a stolen device, even in clear with the password manager extension, and there is nothing you can do about it! That's just incredible!

所有回复 (3)

more options
with Firefox, the so-called most secure browser, all passwords can be accessed on a stolen device

This is only true if you don't take any precautions. If you're so security conscious as it sounds, why didn't you think about that before your device got stolen?

and there is nothing you can do about it!

Not true. https://support.mozilla.org/en-US/kb/using-master-password-firefox-android

Did you bother to set a master password?

Whether it's a good idea to make sensitive passwords available on a mobile device in the first place is a different story.

more options

to add to the prior reply: as it is built now, firefox sync is not a separate data source that you can plug in & out of a device. it is a service that brings the local data of multiple devices to the same level (so data that arrives on your device via sync is no different than data you manually enter on a device which isn't connected to an account).

more options

I understand your point, but what I'm questioning is that you can't dissociate a connected device, which is a pretty standard feature of many synchronized data services, such as Google, Evernote, Facebook, Dropbox and others. For a feature that stores data such as password, this is a huge gap.