Master Password not carried through sync, new machine accesses to all passwords!
Hi, I have a master password set on my main machine and so my passwords are securely stored and encrypted. My machine has gone in for repairs and so I used my Firefox Sync password on a new PC and when I went to my saved passwords, there was no master password and I was able to reveal all my passwords! This means if someone gets my main sync password, they will be able to reveal all my passwords simply by logging onto another machine, even though I had a master password set?? This seems very very wrong to me?
Všechny odpovědi (2)
I tend not to use Firefox Sync and can not give a proper answer.
I did note someone said this was fixed, but apparently not, and our documentation therefore probably remains correct
- How do I choose what information to sync on Firefox?_what-types-of-information-can-i-share-across-my-devices
Passwords: this synchronizes your login information. This will be disabled if you use a master password
When developing sync there were security issues and the solution used was to disable master passwords if Sync was in use. I remember following the issue at the time but do not now recall all the detail. If you disable Syncing of passwords no doubt your Master Password will work again, can you try that please ?
Are you indicating that you had a master password set, then setup Sync and set that to Sync Logins resulting in Sync disabling your Master Password ? without you realising ?
Also if using Sync on bookmarks take care. It has or had a flaw whereby it may corrupt or duplicate bookmark listings if Bookmarks are Synced, particularly if on a slow internet connection, having many bookmarks, or many changes between the different devices. I know bookmarks snapshot backups have improved in recent versions but it is probably worthwhile considering backing up bookmarks manually occasionally. if something goes wrong with the bookmarks sync it may make it easier to recover.
hi, the purpose of the master password is to protecting the local password store from being read by other users or programs on the machine whereas the sync password is used to encrypt your data before they get transferred off your device.
daveonearth said
This means if someone gets my main sync password, they will be able to reveal all my passwords simply by logging onto another machine, even though I had a master password set?
yes, this is the case and i'm not sure why this seems so wrong to you... in any case it is advised to use a unique and strong password to secure your sync account!