Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Meer info

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

RE: Firefox Sync/Account Credentials; when using a Firefox account how are my usernames and login creds. stored in cloud? AES, compressed, etc...?

  • 1 antwoord
  • 1 heeft dit probleem
  • 19 weergaven
  • Laatste antwoord van philipp

more options

I was curious as to how in terms of data-storage (at-rest and in-transit) how securely transmitted and retained the account data for users' Firefox accounts is, in terms of pertaining to the encryption protocol concerning Firefox accounts/sync function stored in cloud...?

Or is no account data for Firefox sync stored in cloud, and is only retrieved from the de-facto device (as a minimum of two are required for a Firefox Sync account to work properly)? And if not, why not offer cloud-based solutions to store the ciphertext or whatever the chosen format may be for the encrypted account data, so that it may be retrieved without this hassle or cumbersome requirement at times.

Although, I could certainly understand the reluctance to harbor such data, even in an encrypted format due to a possible security breach of servers or violation of vulnerabilities in systems.

So in a breviter intim atum, my question is: how is account credential data retained and transmitted from one Firefox sync account to the next (from the primary device or via cloud), and how secure is the data on whatever harddrive (obfuscated v. encrypted?), and yes I do use FIPS-192 protocol and secure my Firefox's with a master password with a bit-strength of greater than 200 in order to secure these logins, so no further additional security measures may be taken or implemented to achieve greater security hitherto; however, I also find that there are plenty of services that could be strengthened consequently.


Best Regards;

cincinattus

I was curious as to how in terms of data-storage (at-rest and in-transit) how securely transmitted and retained the account data for users' Firefox accounts is, in terms of pertaining to the encryption protocol concerning Firefox accounts/sync function stored in cloud...? Or is no account data for Firefox sync stored in cloud, and is only retrieved from the de-facto device (as a minimum of two are required for a Firefox Sync account to work properly)? And if not, why not offer cloud-based solutions to store the ciphertext or whatever the chosen format may be for the encrypted account data, so that it may be retrieved without this hassle or cumbersome requirement at times. Although, I could certainly understand the reluctance to harbor such data, even in an encrypted format due to a possible security breach of servers or violation of vulnerabilities in systems. So in a breviter intim atum, my question is: how is account credential data retained and transmitted from one Firefox sync account to the next (from the primary device or via cloud), and how secure is the data on whatever harddrive (obfuscated v. encrypted?), and yes I do use FIPS-192 protocol and secure my Firefox's with a master password with a bit-strength of greater than 200 in order to secure these logins, so no further additional security measures may be taken or implemented to achieve greater security hitherto; however, I also find that there are plenty of services that could be strengthened consequently. Best Regards; cincinattus

Alle antwoorden (1)

more options

hi, https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol contains some documentation about that.