Secure primary password replaced by insecure PIN
Why has the primary password function (in my case fairly secure) been replaced with the very insecure Android PIN? More importantly, how does Firefox Android decrypt saved passwords without the primary password, or are they now stored in an unencrypted form?
All Replies (3)
Hi
Thank you for your question.
The primary password feature was removed in the update as it was not as secure as we would have liked it to have been. Your login credentials are stored in an encrypted form and in such a way that apps outside of Firefox for Android are unable to access them. Naturally, I recommend that you secure your device with the built-in device encryption and passwords.
Hi Seburo,
Thanks for the informative reply and I understand the reasoning for the change based on security issues. However, for myself, it had the unfortunate result of, post automatic app update, removing my secure 16-character password and replacing it with a relatively insecure 4-digit PIN. If this had occurred with the Windows version, it probably would not have had the same impact. OS versions for PCs tend to have better password complexity. (Although, thinking that you have two level security of OS/Firefox is also downgraded.) Phones, although possibly as powerful as a laptop, have a different usage model and trying to have the equivalent of a 16-character password for my Android phone would make it difficult to use (for me). Unfortunately I think the only solution for me is to remove Firefox from my Android phone. Cheers, Brent.
Thank you for your feedback.