Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Passwords are not secure with master password

  • 3 답장
  • 4 이 문제를 만남
  • 16 보기
  • 최종 답변자: Vilko

more options

First, I love how much better the Android version has become. Privacy is really important to me and I've been wanting to switch back to Mozilla for a long time, but some bugs prevented me to do so. Now it's close to perfect, but really don't understand what is the logic behind the way the password manager was implemented, and it's a major no-go for me. The purpose of a master password should be that it is asked EACH time you try to show the passwords in plain text (in the settings), not once per session (which is also very annoying since the purpose of the password manager is to prevent you from having to enter passwords).

In other words:

If I enter my master password but leave the computer turned on or my cell phone on the table without closing Firefox (which most people do), then someone can go to my setting and have a plain text version of all my passwords instantly, which is pretty bad. The other thing is that while I understand that SOME people might want to enter their master password once per session, most people don't care about this and find this actually annoying and this should be optional. This is actually beating the purpose of the password manager which is NOT to have to enter any password. They are masked, and I do not care if someone opens my browser and views my facebook. What I really care about however is that they shouldn't be able to go to my settings and have an easy access to all my passwords in plain text!

So having to enter your password every session should be an option, while having to enter your password should be mandatory each time you open the password manager itself (or at least optional!). What a major security flaw for a browser that prides itself on privacy...

First, I love how much better the Android version has become. Privacy is really important to me and I've been wanting to switch back to Mozilla for a long time, but some bugs prevented me to do so. Now it's close to perfect, but really don't understand what is the logic behind the way the password manager was implemented, and it's a major no-go for me. The purpose of a master password should be that it is asked EACH time you try to show the passwords in plain text (in the settings), not once per session (which is also very annoying since the purpose of the password manager is to prevent you from having to enter passwords). In other words: If I enter my master password but leave the computer turned on or my cell phone on the table without closing Firefox (which most people do), then someone can go to my setting and have a plain text version of all my passwords instantly, which is pretty bad. The other thing is that while I understand that SOME people might want to enter their master password once per session, most people don't care about this and find this actually annoying and this should be optional. This is actually beating the purpose of the password manager which is NOT to have to enter any password. They are masked, and I do not care if someone opens my browser and views my facebook. What I really care about however is that they shouldn't be able to go to my settings and have an easy access to all my passwords in plain text! So having to enter your password every session should be an option, while having to enter your password should be mandatory each time you open the password manager itself (or at least optional!). What a major security flaw for a browser that prides itself on privacy...

선택된 해결법

I have found a solution to my problem : an open source software for managing passwords that integrates seamlessly with Firefox and offers cloud sync on multiple platforms, it's called BitWarden. I'll use this instead and turn off password managing in Firefox, and keep using Firefox sync to sync my other data.

문맥에 따라 이 답변을 읽어주세요 👍 1

모든 댓글 (3)

more options

Set the master password timeout in about:config. Search for signon.masterPasswordReprompt.timeout_ms and set it to 1000 for 1s timeout or whatever value you are comfortable with.

more options

Thank you for your reply. If I understand correctly however, while this solves half of the issue, this makes the other half worse, because now I will have to enter my password every time I load a page that requires credentials, whereas the purpose of a password manager is to not have to enter any password

more options

선택된 해결법

I have found a solution to my problem : an open source software for managing passwords that integrates seamlessly with Firefox and offers cloud sync on multiple platforms, it's called BitWarden. I'll use this instead and turn off password managing in Firefox, and keep using Firefox sync to sync my other data.