Hi Guys,
It is good to have AES256 in place, but in normal usage we are lazy and just prefer a PIN or something else to enter each time.
I suggest having a strong recovery password which can be entered for restoring backups, and otherwise Firefox should use Windows internals/TPM/FIDO2 U2F etc. as an alternative.
Firefox should be configurable to:
a) set a strong passphrase for recovery
b) use legacy mode with a simple PIN (as an additional layer for local users)
c) make Firefox know it is on its own machine and no one has stolen its data via a trojan horse, so copy-theft can't encrypt the data with a simple 1234 PIN number.
I hope you got me... we need internal secure enclaves to unlock automatically.
The reason is to protect against stealing password manager data using trojan horses!
This is the biggest risk we need to mitigate!