Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Master password not needed for syncing and showing passwords in plain text. How can this be secure?

  • 1 réponse
  • 1 a ce problème
  • 3 vues
  • Dernière réponse par cor-el

more options

I've just made a clean windows 10 install on my main computer, and installed linux mint 18 on a virtualbox - all machines running firefox. I signed in to sync and ALL my passwords synced WITHOUT asking for the Master Password. This makes me eerie. I was even able to show passwords in plain text. Are the passwords synced to the server unencrypted, and how am I able to see the synced passwords without the Master Password?

I am not sure, but I might have set up the Master Passwords AFTER saving password (thus being unencrypted).

Best, Malte

I've just made a clean windows 10 install on my main computer, and installed linux mint 18 on a virtualbox - all machines running firefox. I signed in to sync and ALL my passwords synced WITHOUT asking for the Master Password. This makes me eerie. I was even able to show passwords in plain text. Are the passwords synced to the server unencrypted, and how am I able to see the synced passwords without the Master Password? I am not sure, but I might have set up the Master Passwords AFTER saving password (thus being unencrypted). Best, Malte

Toutes les réponses (1)

more options

Are you currently using a master password on some or all connected devices?

All your personal data is encrypted by using a Sync key that is derived from the password of the sync account, so all data that leaves your computer is always encrypted and only this password can decrypt this data.

Once you set a MP then already stored passwords will be encrypted with this master password. One you have entered the MP during a Firefox session like happens when you connect to Sync when Firefox is started logs you in to the Software Security Device and unlocks the password. That Firefox asks for the master password when you want to view the passwords in the Password Manager is not necessary, but is only an extra step added by the Firefox developers.