opnml
Strollin' around
Status: New idea

The Problem: The "Post-OS Login" Security Gap

Currently, Firefox’s Primary Password only protects the password manager. If a user leaves their computer unlocked or shares a device, an unauthorized party can launch Firefox and instantly access:

  • Active Sessions: Full access to logged-in accounts (Banking, Social Media, Email) via session cookies.

  • Personal Data: Unrestricted access to Browsing History, Bookmarks, and open tabs.

Even on a security-hardened OS, once the browser is launched, your digital life is an open book.

The Proposal: Mandatory Startup Gate with Biometric Integration

I am proposing a Native Application Lock that acts as a mandatory gatekeeper before any profile data is initialized.

1. Multi-Modal Startup Authentication:

  • Biometric Support: If the device has a fingerprint scanner (Touch ID on macOS, Windows Hello, or Linux fprint), allow the user to unlock the browser with a simple touch.

  • Primary Password Fallback: Always provide a password/PIN entry for devices without biometrics or if the sensor fails.

2. Mandatory "Force-Quit" Logic:

  • The authentication prompt must appear before the UI renders.

  • If the user clicks "Cancel" or authentication fails, the browser must terminate the process immediately (SIGTERM). This ensures no session cookies or history are leaked into memory.

3. Secure Guest Mode:

  • Provide an "Enter as Guest" option on the lock screen.

  • This should launch a sandboxed, volatile profile in RAM with zero access to the main user’s data. When the guest window closes, all data is purged.

4. Advanced Profile Management:

  • Unified Lock: One biometric/password to unlock all profiles.

  • Per-Profile Lock: Option to require different credentials for specific profiles (e.g., a "Vault" profile with a unique password vs. a "General" profile).

Why this matters for Firefox:

  • Modern Security Standards: Biometrics are the industry standard for mobile; bringing this to Desktop for the entire browser session (not just the password vault) would be a massive privacy win.

  • User Experience: One-touch login makes high-level security effortless for the user.

  • Privacy Leadership: This fulfills the "Privacy by Design" principle, ensuring that sensitive session data remains encrypted at rest until the user is physically present.

2 Comments
Status changed to: New idea
Jon
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Jon
Community Manager

Potentially similar idea here: Adding Built-in Password Protected Feature for Firefox Browser 

@opnml if this aligns with your request, we can merge the two threads (and combine the votes) to make sure the conversation stays focused in one space. Just let me know 😃