Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox asks for my master password as soon as I open the software and not again with use, does this mean that my master password serves no protective function?

  • 6 பதிலளிப்புகள்
  • 3 இந்த பிரச்னைகள் உள்ளது
  • 1 view
  • Last reply by cor-el

I am concerned that Firefox asks me to insert my master password as soon as I access the programme and then not again during the session with any site for which I have remembered its particular password. This suggests that 'unlocking' my remembered passwords negates any security benefit offered by a master password. Is this so?

I am concerned that Firefox asks me to insert my master password as soon as I access the programme and then not again during the session with any site for which I have remembered its particular password. This suggests that 'unlocking' my remembered passwords negates any security benefit offered by a master password. Is this so?

All Replies (6)

Does one of your homepages require a password for login to that page?

Note that your System Details List shows multiple Flash plugins.

  • Shockwave Flash 15.0 r0
  • Shockwave Flash 12.0 r0

You can find the installation path of all plugins on the about:plugins page.

You can check the Flash player installation folder for multiple Flash player plugins and remove older version(s) of the plugin (NPSWF32) and possibly (re)install the latest Flash player.

  • (32 bit Windows) C:\Windows\System32\Macromed\Flash\
  • (64 bit Windows) C:\Windows\SysWOW64\Macromed\Flash\

When you enter the Master Password when prompted then you log in to the Software Security Device and it is possible to have access to the stored passwords until you log out of the Software Security Device.

  • You can log out from the Software Security Device (e.g. click Cancel in the Show Passwords dialog) to force re-entering the MP once again.
  • Options > Security: Passwords: "Saved Passwords" > "Show Passwords"
  • Options > Advanced > Encryption: Certificates > Security Devices: Software Security Device: Log Out button

As soon as I open the Firefox Start Page I am asked to provide my master password and not again when I am accessing a site with a remembered password. The remembered password is automatically provided to enable a log in to that site. If I cancel the initial master password request I am asked to provide it when logging into a site with a remembered password but not subsequent sites with remembered passwords. It seems that one use of the master password 'unlocks' all remembered passwords and all sites with password required at login are no longer 'protected' by the master password.

Note that details like websites remembering you (log you in automatically) are stored in a cookie. So as long as you have such a remember me cookie the website will recognize you and you won't have to enter the MP to unlock that stored passwords. Sessionstore also can store cookies as part of session data if you reopen pages automatically on the next start.

I am sorry but your response does no address my concern which is that my remembered passwords may be available/accessible to a person hacking into my computer. I had believed that the master password rendered stored site passwords inacessible to others. The requirement to use the master password once only per session suggests to me that it 'unlocks' all my site passwords potentially allowing anyone to view/establish them. Are my assumptions correct? Is there some way I can use the master password to prevent others potentially accessing my remembered site passwords?

See my reply above in [/questions/1026599#answer-643282] As long as you are logged on to the software security device by entering the MP when prompted then your passwords can be accessed without any problem if you would leave the computer unattended. The MP is used to encrypt and decrypt the names and passwords that are stored in the logins.json file that current Firefox versions uses (previously signons.sqlite was used).

There is the signon.autofillForms pref (see the about:config page) that prevents Firefox from filling a name and password automatically if you visit a web page with a log in form when set to false.