Master password not needed for syncing and showing passwords in plain text. How can this be secure?
I've just made a clean windows 10 install on my main computer, and installed linux mint 18 on a virtualbox - all machines running firefox. I signed in to sync and ALL my passwords synced WITHOUT asking for the Master Password. This makes me eerie. I was even able to show passwords in plain text. Are the passwords synced to the server unencrypted, and how am I able to see the synced passwords without the Master Password?
I am not sure, but I might have set up the Master Passwords AFTER saving password (thus being unencrypted).
Best, Malte
All Replies (1)
Are you currently using a master password on some or all connected devices?
All your personal data is encrypted by using a Sync key that is derived from the password of the sync account, so all data that leaves your computer is always encrypted and only this password can decrypt this data.
Once you set a MP then already stored passwords will be encrypted with this master password. One you have entered the MP during a Firefox session like happens when you connect to Sync when Firefox is started logs you in to the Software Security Device and unlocks the password. That Firefox asks for the master password when you want to view the passwords in the Password Manager is not necessary, but is only an extra step added by the Firefox developers.