搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Passwords are not secure with master password

  • 3 回覆
  • 4 有這個問題
  • 1 次檢視
  • 最近回覆由 Vilko

more options

First, I love how much better the Android version has become. Privacy is really important to me and I've been wanting to switch back to Mozilla for a long time, but some bugs prevented me to do so. Now it's close to perfect, but really don't understand what is the logic behind the way the password manager was implemented, and it's a major no-go for me. The purpose of a master password should be that it is asked EACH time you try to show the passwords in plain text (in the settings), not once per session (which is also very annoying since the purpose of the password manager is to prevent you from having to enter passwords).

In other words:

If I enter my master password but leave the computer turned on or my cell phone on the table without closing Firefox (which most people do), then someone can go to my setting and have a plain text version of all my passwords instantly, which is pretty bad. The other thing is that while I understand that SOME people might want to enter their master password once per session, most people don't care about this and find this actually annoying and this should be optional. This is actually beating the purpose of the password manager which is NOT to have to enter any password. They are masked, and I do not care if someone opens my browser and views my facebook. What I really care about however is that they shouldn't be able to go to my settings and have an easy access to all my passwords in plain text!

So having to enter your password every session should be an option, while having to enter your password should be mandatory each time you open the password manager itself (or at least optional!). What a major security flaw for a browser that prides itself on privacy...

First, I love how much better the Android version has become. Privacy is really important to me and I've been wanting to switch back to Mozilla for a long time, but some bugs prevented me to do so. Now it's close to perfect, but really don't understand what is the logic behind the way the password manager was implemented, and it's a major no-go for me. The purpose of a master password should be that it is asked EACH time you try to show the passwords in plain text (in the settings), not once per session (which is also very annoying since the purpose of the password manager is to prevent you from having to enter passwords). In other words: If I enter my master password but leave the computer turned on or my cell phone on the table without closing Firefox (which most people do), then someone can go to my setting and have a plain text version of all my passwords instantly, which is pretty bad. The other thing is that while I understand that SOME people might want to enter their master password once per session, most people don't care about this and find this actually annoying and this should be optional. This is actually beating the purpose of the password manager which is NOT to have to enter any password. They are masked, and I do not care if someone opens my browser and views my facebook. What I really care about however is that they shouldn't be able to go to my settings and have an easy access to all my passwords in plain text! So having to enter your password every session should be an option, while having to enter your password should be mandatory each time you open the password manager itself (or at least optional!). What a major security flaw for a browser that prides itself on privacy...

被選擇的解決方法

I have found a solution to my problem : an open source software for managing passwords that integrates seamlessly with Firefox and offers cloud sync on multiple platforms, it's called BitWarden. I'll use this instead and turn off password managing in Firefox, and keep using Firefox sync to sync my other data.

從原來的回覆中察看解決方案 👍 1

所有回覆 (3)

more options

Set the master password timeout in about:config. Search for signon.masterPasswordReprompt.timeout_ms and set it to 1000 for 1s timeout or whatever value you are comfortable with.

more options

Thank you for your reply. If I understand correctly however, while this solves half of the issue, this makes the other half worse, because now I will have to enter my password every time I load a page that requires credentials, whereas the purpose of a password manager is to not have to enter any password

more options

選擇的解決方法

I have found a solution to my problem : an open source software for managing passwords that integrates seamlessly with Firefox and offers cloud sync on multiple platforms, it's called BitWarden. I'll use this instead and turn off password managing in Firefox, and keep using Firefox sync to sync my other data.