This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cookies and secure use of authorization data

abre
Making moves
‎06-19-2023 04:50 AM
Status: New idea

Today we are operating by dosens of sites on each work session, including authorization, by the way there is no ability to defend such a sensitive data as authorization cookies. More precisely, there is one - to check a setting to delete all cookies on browser window close but if we use it we have to re-authorize on all our sites  on every new work session. In addition, the use of this setting also has the following disadvantages:

1. All cookies aka authorization keys are being stored in simple sqlite db in user profile folder, which makes it possible to steal this sensitive data when an attacker has physical access to a computer, or via use of viruses.

2. If you did not close the firefox window properly, but instead, for example, simply disconnected the computer from electricity, on the next download you will have firefox window opened with all sites authorized, despite the setting for deleting cookies.

With all these problems, the ability to encrypt passwords using a primary key, which is available in the browser, looks like a mockery.

It is proposed to add to the browser the ability to encrypt cookies using the primary key as well, so if it was not entered when the browser was opened, and the browser was started without entering the primary key, the entire set of cookies from the previous session would be erased.

See more ideas labeled with:
Comment
5 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
‎06-20-2023 06:41 AM
‎06-20-2023 06:41 AM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

alezozov
New member
‎06-20-2023 08:44 PM
‎06-20-2023 08:44 PM

Good idea, waiting for implementation 

abre
Making moves
‎06-21-2023 05:37 AM
‎06-21-2023 05:37 AM

Conceptually, this is such an opportunity to block the browser (more precisely, the working environment in the browser) with a master password from an attacker who has gained access to your account on a computer. There is such protection in the password storage clients, including Firefox's built-in password storage functionality, then what is the difference between the cookie storage, which remains completely open at the moment?

ymirer
New member
‎06-26-2023 08:18 AM
‎06-26-2023 08:18 AM

I also find it annoying opening a new session in browser and having my Gmail account open and available even when the primary password is not entered. On the other hand, exiting the Gmail session every time is not convenient, and besides that, I often forget to do this.

jmlvargas
New member
‎06-26-2023 12:59 PM
‎06-26-2023 12:59 PM

I've been waiting for this feature for a long time. My current approach is to log in only in private mode, so nothing is stored in clear text in the workstation (I hope...), but that kinda sucks because I have to re-login to every site I use.

Copyright © 2024 Khoros, LLC