cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
xUxSxExR
Making moves
Status: New idea

Firefox Lockwise or how the integrated password-manager is called, it pretty good.

The syncing is centralized, but encrypted, so no problem here. I prefer Syncthing and Keepass, but while KeepassDX works perfectly on Android, KeepassXC doesnt work at all at the moment, so I use it.

 

While there is an option (which should be opt-out, not opt-in!) to encrypt the passwords locally using master passwords on Desktop, there just isn't one on Mobile! This is horrible, as anyone having access to your phone could also read your passwords.

 

Also, phones have fingerprint sensors very often. KeepassDX has a pretty good implementation for "modern unlocking", where the fingerprint unlocks the password and decrypts the vault.

 

This absolutely has to be integrated into Mobile, along with a general Fingerprint-unlock. I mean, its a privacy browser, and there are different factors of privacy. People having access to your browsing history and passwords, is one of the threats some people fear.

 

Thank you for this browser, its the only good non-Chromium one we have.

4 Comments
ansiklopedici
Making moves

@xUxSxExR 
Thank you for feedback and idea.
Firefox use lock screen password on Android device. After you set a lock screen password, try to access your passwords again.

Ekol
Strollin' around

I know Firefox devs have said they don't pretend to bring back master password to mobile, they have said it multiple times actually, but I still don't get their reasoning.

According to them, lock screen is more than enough, but that doesn't consider the very common use case where multiple people at a given home can know how to unlock a device. I may want to share my cellphone or tablet with my daughter so she can play a video game, but still be sure she won't mess with critical accounts from work. Like, I want her to play Stumble Guys whenever she wants without having to worry she may take down our web server just because I got distracted for a second. Most of my apps are quite harmless and I'm not afraid she mess with them, with the exception of something as powerful like a web browser. It's almost as critical as giving her open root access to a terminal.

Again, I get that having a master password in mobile doesn't make it more "secure" in the sense that it stays as hackable as without one, it doesn't really encrypt things, but still it would help as a deterrent for some unpleasant situations. And again, I don't get the reasoning specially because the same logic may be applied to computers: you can encrypt your partition and set a screen lock in most if not all operative systems, why is it different in mobile?

Detroit_yeet
New member

Mobile versions of Firefox should use a primary password

On mobile versions of Firefox, passwords are protected by your phone's own encryption instead of a primary password. On Android (which is what I use), this just means you have to re-enter the same passcode or PIN you use to unlock your phone (usually 4-6 numbers or a few words), and then you can see and copy any and all of the passwords you have saved in Firefox. This is much less secure than having a primary password, especially considering that if someone's snooping in your passwords like this, they either already know your phone's passcode or they're a hacker accessing your phone's files remotely, in which case they can brute force your passcode extremely easily.

I don't know how iOS encrypts your saved passwords, but I'm sure both versions could benefit from just having a primary password like the desktop version.

Jon
Community Manager
Community Manager

(Note: a similar idea has been merged into this thread)