All passwords gone / is FF even secure?
suddenly (no update was done) all my passwords are gone from FF. I am asking myself now: What happened? One of the solutions in this Forum helped: Using Shadow copy tool. So this way I could rescue my old profile folder. However, I ask myself now this:
- I was so frustrated of this that I completely deleted my account. So I think all data is safely gone, right? My plan is now to delete the current temporary profile folder, restore the old one, then recreate sync account. Will this work or can I get trouble because the folder name is already used up on FF servers? From my point of view this should not be the case if my account was really(!) deleted and this plan should work.
- Anyway: Although I found a solution I am asking my self why this happened. I had NEVER such an issue with Chrome so I really starting to doubt the security/integrity of FF. If a bookmark gets gone or something like this it is not a big thing to me. But ALL PASSWORDS is a heavy issue. So is there an explanation to this?
- In general I am asking my self if I could continue using FF. Because I just googled this topic intensively now for 2 hours reading a lot stuff and it turns out that password storage (even with master pw) is extremely insecure because of not enough iterations and Hash algorithm used by FF.
So is FF even a secure Browser? To me it doesn't look like that anymore. The main reason switching back from Chrome to FF was data privacy and security. Because I also didn't trust google so much. However, it is much more important to protect me from 3rd party instead of Google/Mozilla. But I am not sure if FF can protect my data very well (suddenly deleting ALL passwords, no secure PW storage).
Thanks for your info! Best, Chris
- User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
You are using an old version of Firefox, 57. Using old versions of software is not recommended as it leaves you vulnerable to security issues.
Were you using Firefox's password manager to store your passwords? Or were you using another program inside Firefox?
I would suggest updating Firefox, and then getting back to me with some more information.
In the event that the passwords information is lost, you should record all information in a separate text file somewhere else on your hard drive, or written down. You can easily copy and paste if you need to do so. If you are concerned about someone else looking at that file, you can compress it using a password.
Tyler Downer said
You are using an old version of Firefox, 57. Using old versions of software is not recommended as it leaves you vulnerable to security issues. Were you using Firefox's password manager to store your passwords? Or were you using another program inside Firefox? I would suggest updating Firefox, and then getting back to me with some more information.
Hi + thanks for reply,
I used the internal password manager of FF. So when FF asked to save PW I clicked save. There was also a list of all passwords in Settings in a popup. This was completely empty. Even after I started to sync again. Bookmarks etc. were still there but Passwords ALL gone. I feel really scared about this. Hopefully it was not hacked but that is the ONLY explanation for me. Because the other must be FF deleted it accidently.
Was there a security issue in FF 57 that could reveal all passwords?
No, you weren't hacked. And no, there was no security issue that caused your passwords to be revealed.
First, update to 61.0.1
Then, what likely happened was a bad sync, that caused your a passwords to be reset. They weren't stolen, it just seems a corruption caused them to be lost.
thanks for the info!! I hope this feature will be stabilized in future. I think this is critical. Is there a way to download a zip with the content on the sync server to make a backup? Because without shadow copy function in windows I would have died today... :)
Thanks!! Best, Chris
You can easily backup Firefox (and you should always be backing up your data anyway) Back up and restore information in Firefox profiles
I'm glad you got your data back, and I just wanted to emphasize that you need to stay up to date, with all your software
While Firefox's built-in password manager has the closest integration with the browser, you also could consider using a third party (add-on) solution if you want the heaviest encryption on your password store. Those tend to be cloud-based, which is another consideration for you to balance.