cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cy_narrator
New member
Status: New idea

I do not see any difference between writing passwords in a piece of paper vs saving passwords in the browser in its default unencrypted form without master password. In fact I would say writing password in a piece of paper becomes a bit more secure compared to saving passwords in the browser because you can at least be responsible enough to hide that piece of paper in a safe compared to passwords saved in your browser which is always two clicks away.

 

Someone with two cents of security needs can use master password to encrypt the password but it is not what majority do. For majority of people, their passwords is just in the Passwords option in the hamburger menu. This can definitely be improved.

There are two easy ways to set it up I see,

1: Make master password mandatory and warn the user they cannot forget it. If they do not provide master password, they cannot save passwords in the browser, as easy as that.

2: Disable the option to view passwords if done in an insecure way, meaning if there is no master password present. This is not full fledged solution but will help against most normal computer users. Surely a 'hacker' can find the passwords file somewhere in the computer and open it up with notepad but that is statistically not most people

2 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

MintMain21
Familiar face

Seems a bit daunting to completely lock Firefox's Password Saving Features behind setting up a Master Password, but it's a good idea at the very least to warn users to remember their Master Password at all costs before setting it up.

I completely agree with the OP that it's generally unwise to save passwords without a Master Password, but I'm concerned that many users would not like the change and prefer the current standard of accessibility. As for me, I use Bitwarden anyway, so I'm indifferent to how Firefox handles Passwords in my everyday browsing, so for me it's how others use Firefox that matters most.