Does creating a Primary Password protect against someone gaining remote access to my computer?
I am not concerned with anyone in my household gaining access to my passwords. If I somehow give a scammer remote access to my computer, does creating a primary password prevent that person from seeing any user names or passwords that I may have accidentally stored on my computer? I am concerned with third party scammers, not anyone physically gaining access to my laptop.
所有回覆 (5)
Hi,
It may help if Firefox is closed (or if it's open, but you haven't entered the password yet). But generally the best protection is not to give anyone remote access to your computer (especially since I don't think there are many cases when it's really needed) :D
If you do not use the PP then merely having access to logins.json and key4.db is sufficient to inspect the logins by placing them in a Firefox profile folder or use a tool that can handle these two file. The PP encrypts the encryption key (seed) stored in key4.db. No changes are made to logins.json, this means that having access to a copy of key4.db that doesn't have the PP can also decrypt the logins.
You can inspect the current login state and login and logout and change the Primary Password via the Security Device Manager.
- Settings -> Privacy & Security
Security -> Certificates -> Security Devices
In the left panel select "Software Security Device". You can find "Log In" and "Log Out" and "Change Password" in the very right panel. You may have to Zoom out the page or go full screen to make this right panel visible.
I am a member of the '"civilian" public and do not have technical expertise, so I couldn't follow your response. I want to know if the extra step of creating and using a Primary Password is worth the inconvenience of using it. Assume that I have set up a Primary Password but either I have not opened Firefox, or if on line using Firefox, I haven't entered the PP during that session. If I make a mistake by clicking on something I shouldn't have clicked on or somehow some scammer gets remote access to my computer (say through access to my email), can they see my user names and passwords (e.g., for a bank account) that I have entered in the past? Is there some sort of shadow copy of user names and passwords in my hard drive or elsewhere that someone with expertise can access? I know not to knowingly give remote access to my computer. It's the mistakes I'm worried about. Or would the scammer who has gained remote access just wait until I go on line and enter my PP and then see my key strokes anyway? The question is whether it's worth the inconvenience of using a PP if someone with tech knowledgeable can get into my financial accounts anyway. Is the primary reason to use a PP to guard against access to my physical laptop and really not helpful if someone gains remote access? I'm not concerned with the physical use of my laptop, it's the remote access. I realize this is a bit long winded, but I hope it explains my issue better.
There was a recent opinion piece in the New York Times where the author more or less said that with AI, passwords can be easily guessed.
Lisa, theoretically anyone who has sufficient access to your computer (whether remote or physical), could install something that waits until you entr the Primary Password and the stored logins now become accessible.
Your only hope here would be that either you or your antivirus detects this beforehand.
Whereas without a Primary Password, your logins database could be opened very quikly.
P.S. You may not be worried about the people in your household, but a Primary Password would help protect against thieves and nosy computer repair shop staff?
由 TechHorse 於 修改
The Primary Password is only used to unlock the logins stored in the Password Manager (logins.json). The PP doesn't protect against somebody accessing Firefox or data stored on your computer, canceling a PP prompt still allows to open/run Firefox with the only restriction of not having access to stored passwords.