Important Notice: We're experiencing email notification issues. If you've posted a question in the community forums recently, please check your profile manually for responses while we're working to fix this.

Avatar for Username

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Ce sujet de discussion a été archivé. Veuillez poser une nouvelle question si vous avez besoin d’aide.

Password security

  • 2 réponses
  • 0 a ce problème
  • 23 vues
  • Dernière réponse par Ian Smith

Ian Smith
Ian Smith
more options

OK - I must be missing something. On my previous browser, Opera, if I wanted to see details of my passwords then I needed to put in the computer password, so keeping them quite secure. However, Firefox seems to let anyone using the browser to access the full details of all my passwords, even offering to copy them! This has to be the most insecure approach possible - surely this can't be correct, can it?

OK - I must be missing something. On my previous browser, Opera, if I wanted to see details of my passwords then I needed to put in the computer password, so keeping them quite secure. However, Firefox seems to let '''anyone''' using the browser to access the full details of all my passwords, even offering to copy them! This has to be the most insecure approach possible - surely this can't be correct, can it?

Solution choisie

The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The primary password encypts the key stored in key4.db and thus add an extra security level. If you do not use a primary password then having access to key4.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.

Lire cette réponse dans son contexte 👍 1

Toutes les réponses (2)

cor-el
cor-el
  • Top 25 Contributor
  • Moderator
more options

Solution choisie

The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The primary password encypts the key stored in key4.db and thus add an extra security level. If you do not use a primary password then having access to key4.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.

Ian Smith
Ian Smith Auteur de la question
more options

I confess, I'm astonished that the default is to allow anyone using the browser to be able to access all password info. This browser is really not suitable for the general public, IMHO.