Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Are my password on the local PC not protected?

  • 1 baphendule
  • 0 zinale nkinga
  • 25 views
  • Igcine ukuphendulwa ngu cor-el

more options

Hi, I've been using Firefox for decades and been saving passwords in it without any second thoughts, thinking they were fully secure.

Today I had to install a Yandex Browser for my work for the first time in my life (on a new clean Windows 10). It also asked to "make changes on my device", and I rejected it. What happened next absolutely terrified me. It immediately grabbed all the tabs, the sessions and, most importantly, the years worth of passwords from my Firefox. Does it mean that they just lie there unprotected, and any random piece of code even without the administrative privileges can just take them? I'm pretty sure I didn't click anything related to legitimate data sync.

Hi, I've been using Firefox for decades and been saving passwords in it without any second thoughts, thinking they were fully secure. Today I had to install a Yandex Browser for my work for the first time in my life (on a new clean Windows 10). It also asked to "make changes on my device", and I rejected it. What happened next absolutely terrified me. It immediately grabbed all the tabs, the sessions and, most importantly, the years worth of passwords from my Firefox. Does it mean that they just lie there unprotected, and any random piece of code even without the administrative privileges can just take them? I'm pretty sure I didn't click anything related to legitimate data sync.
Ama-screenshot ananyekiwe

Okulungisiwe ngu nikitakirenkov

Isisombululo esikhethiwe

Are you using the Primary Password to protect the logins with an extra layer of protection? If not then merely having access to logins.json and key4.db (encryption key) is sufficient to decrypt the logins. The logins stored in logins.json are encrypted with a key stored in key4.db, so having access to both files is sufficient to decrypt the logins. The PP encrypts the encryption key stored in key4.db, so you need to enter this PP to be able to unlock the logins.

Funda le mpendulo ngokuhambisana nalesi sihloko 👍 1

All Replies (1)

more options

Isisombululo Esikhethiwe

Are you using the Primary Password to protect the logins with an extra layer of protection? If not then merely having access to logins.json and key4.db (encryption key) is sufficient to decrypt the logins. The logins stored in logins.json are encrypted with a key stored in key4.db, so having access to both files is sufficient to decrypt the logins. The PP encrypts the encryption key stored in key4.db, so you need to enter this PP to be able to unlock the logins.