Is the Primary (formerly called "Master") password shared or Ff synchronised between different devices?

Is the Primary (formerly called "Master") password shared or Firefox synchronised between different devices?

The reason that I ask this is that I am a decrepit and ignorant old bugger in his 8th decade that has been using Firefox for nearly 25 years. Consequently I have a lot of passwords stored in Firefox's password manager that I REALLY do not want to lose.

Unfortunately, on my main desktop machine, becoming more paranoid after a suspected identity theft attack, I decided to change the Master Password (recently re-named to Primary Password) to something longer and harder to guess or break.

Unfortunately I have forgotten what I changed it to ! (I can remember the first 15 characters but then not the ending sequence...)

However, I discovered that on an old laptop (that had not been connected to the internet for a long time - and I've disconnected it from the local Wi-Fi now) that my old password still worked and I could still see many of the old passwords (since it had not been synchronised).

I am worried that if I try and restore my passwords by now connecting to the internet and synchronising, I will then be locked out of this remaining treasury of my passwords if Firefox synchronisation then disastrously changes the old password (that I still remember) to the new password that I have forgotten - hence my question...

PS: I still have a paper record of something called an "Account Recovery Key" consisting of 8 groups of 4 alphanumeric characters (each group only contains capital letters and numerals - although one 4 character group does not contain any numerals at all, but all groups have at least one capital letter). Could I use this to recover the misremembered new password?

PPS: Don't you think it is always a bad idea to include both zeroes and letter Oh for Oscars in this account recovery key as capital letters rather than lower case letters, since they look so similar?

i.e. z00 or zoo is less prone to confusion than Z00 or ZOO

All Replies (8)

The Primary Password is local to one profile (it modifies the key4.db file in that profile). It is completely separate from your Mozilla Account and does not sync. If you lose the Primary Password and need to reset it, your locally saved logins are kaput.

To see what is currently in the Sync cloud, you could install the About Sync add-on from:

https://addons.mozilla.org/firefox/addon/about-sync/

After installing that, you can view your cloud data by typing or pasting about:sync in the address bar and pressing Enter to load the page.

The "crypto" section of the page should show what is saved on the server. Presumably quite a bit if you have been using Sync on your main installation of Firefox. I don't sync passwords, so I can't tell you exactly what that will look like, but I think they are human-readable.

Does Sync have your logins?

I don't know whether there is a convenient way to back up or export the list from that page for safekeeping. There is an HTML table, so a very messy copy/paste is possible.

Helpful?
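
Because the Primary Password lives in the profile's key4.db and does not sync, as the reply above explains, a copy of that profile's login files taken before any reset or sync keeps the old-password copy intact. This is an added example, not part of the original reply or Mozilla's code; it assumes the encrypted logins sit in logins.json beside key4.db, that Firefox is closed while it runs, and the folder arguments are hypothetical.

```python
import hashlib
import shutil
import time
from pathlib import Path

# key4.db is named in the reply above; logins.json (the encrypted logins that
# key4.db's keys unlock) is this example's assumption about the profile layout.
CREDENTIAL_FILES = ("key4.db", "logins.json")


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large profiles do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_profile(profile_dir, backup_root):
    """Copy the credential files to a new timestamped folder and verify them.

    Returns (backup_dir, {filename: sha256}). Raises FileNotFoundError if a
    file is missing, since logins.json is unreadable without its key4.db.
    """
    profile = Path(profile_dir)
    missing = [n for n in CREDENTIAL_FILES if not (profile / n).is_file()]
    if missing:
        raise FileNotFoundError(f"missing in {profile}: {', '.join(missing)}")

    backup_dir = Path(backup_root) / time.strftime("firefox-logins-%Y%m%d-%H%M%S")
    backup_dir.mkdir(parents=True, exist_ok=False)  # never overwrite a snapshot

    hashes = {}
    for name in CREDENTIAL_FILES:
        source, copy = profile / name, backup_dir / name
        shutil.copy2(source, copy)
        hashes[name] = sha256_of(source)
        if sha256_of(copy) != hashes[name]:
            raise OSError(f"copy of {name} does not match the original")
    return backup_dir, hashes


if __name__ == "__main__":
    import sys
    # Usage: python snapshot.py <profile folder> <backup folder>
    folder, digests = snapshot_profile(sys.argv[1], sys.argv[2])
    print(folder, digests)
```

The two files only work as a pair, and the copy still needs the Primary Password that was in force when it was taken.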

Thanks very much for your prompt attempt to help me, but unfortunately your suggestion to use the "About Sync" add-on is moot.

That is because as soon as you try to enter "about:sync" into Firefox's address bar, you are immediately presented with a "Please enter your Primary Password" request!


I take it that my "Account Recovery Key" consisting of 8 groups of 4 alphanumeric characters is no help in recovering my Primary Password?

Helpful?

There isn't an account recovery key for the Primary Password, so that must be for your Mozilla Account login.

You could create a new profile and sign in to your Mozilla Account there. Here's how:

New Profile Test

Inside Firefox, type or paste about:profiles in the address bar and press Enter/Return to load it.

Take a quick glance at the page and make a mental note of which Profile has this notation: This is the profile in use and it cannot be deleted. That is your current default profile.

Click the "Create a New Profile" button, then click Next. Assign a name like Test2025, ignore the option to relocate the profile folder, and click the Finish button.

Firefox will switch your default profile to the new one, so click the Set as Default Profile button for your regular one to avoid an unwanted surprise at your next startup.

Scroll down to Test2025 and click its Launch profile in new browser button.

Firefox should open a new window that looks like a brand new, uncustomized installation. (Your existing Firefox window(s) should not be affected.) Go ahead and sign in to your Mozilla Account (there is no saved login in the new profile, so you should not be prompted to enter a Primary Password).

Can you see your saved logins in Sync in this profile?

When you are done with the experiment, you can close the extra window without affecting your regular Firefox profile. (Test2025 will remain available for future testing.)

Helpful?

I gave up on recovering my lost, 16 character Primary password on my desktop Dell.

When I entered in the Firefox address the following location: chrome://pippki/content/resetpassword.xhtml

As expected, the "Reset Primary Password" page then appeared. I then clicked the Reset button to reset my Primary password.

As expected, I then got an email with a 6 digit code at my Mozilla registered email address and, after entering this into Firefox, I chose the 16 character password that was not accepted before.

What happened next was unexpected and is a huge security bug:

I was expecting that resetting my Primary Password would remove all of my saved usernames and passwords. Amazingly, instead I then got access to all my latest passwords - including ones that I had only previously entered on my desktop Dell !

Before you ask, the first thing that I did after resetting my Primary password was disable synchronisation and internet access...

Obviously I am happy to have recovered more than 1000 "lost" passwords (but less than happy about this huge security flaw).

Now I want to add the old passwords (from 2 laptops and 4 Android mobiles) but am now paranoid that as soon as I reboot my Dell, the recovered passwords will disappear again.

Is there a switch to enable one way synchronisation? How does the Firefox password manager decide which passwords to overwrite when synchronisation is carried out normally?

Helpful?

I can only guess that you got your logins back via Sync and not from the local file. But I'm not going to reset my Primary Password to test it myself!

G-Old-NZ-Compaq said

Now I want to add the old passwords (from 2 laptops and 4 Android mobiles) but now paranoid that as soon as I reboot my Dell, the recovered passwords will disappear again. Is there a switch to enable one way synchronisation? How does the Firefox password manager decide which passwords to overwrite when synchronisation is carried out normally?

I don't know about this. Some data is kept separate in the Sync cloud (on a per-device basis), but other data is merged.

Helpful?

jscher2000 - Support Volunteer Top 10 Contributor wrote: "I can only guess that you got your logins back via Sync and not from the local file."

I did write the truth before - that I disabled internet access and disabled synchronisation so how can your guess be correct? Please report this security bug to the relevant quarter !

Helpful?

Quote: the first thing that I did after resetting my Primary password was disable synchronisation and internet access...

You should have disabled or disconnected Sync, or reset the Sync password, before resetting the Primary Password. If you cancel the PP prompt issued by Sync then you should be able to continue using Firefox without problems without using Sync.

Helpful?

G-Old-NZ-Compaq said

jscher2000 - Support Volunteer Top 10 Contributor wrote: "I can only guess that you got your logins back via Sync and not from the local file." I did write the truth before - that I disabled internet access and disabled synchronisation so how can your guess be correct? Please report this security bug to the relevant quarter !

You can submit a bug, but I suggest testing it in a clean new profile to see whether you can replicate it. In my test, in a clean profile not signed in to Sync, resetting the Primary Password erased my saved login. (Screenshots attached.)

Helpful?
