Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why Master Password preference it's not synced on all firefox devices?

  • 3 iimpendulo
  • 1 inayo le ngxaki
  • 16 views
  • Impendulo yokugqibela ngu cor-el

more options

Hi. I'm using firefox developer edition after migration from google chrome.

I see that adding a new device sync all correctly, but the master password for the wallet result as inactive, it's not this an insecure situation?

If I set master password for the "password" wallet on the device 1 and the new device 2 sync the data, it will ask to the new user the master password to unlock and use it, instead to be opened without any lock.

Also..which kind of encryption protection method it use? I mean.. it's really secure to store in it credit cards.. etc?

Thank you.

Hi. I'm using firefox developer edition after migration from google chrome. I see that adding a new device sync all correctly, but the master password for the wallet result as inactive, it's not this an insecure situation? If I set master password for the "password" wallet on the device 1 and the new device 2 sync the data, it will ask to the new user the master password to unlock and use it, instead to be opened without any lock. Also..which kind of encryption protection method it use? I mean.. it's really secure to store in it credit cards.. etc? Thank you.

All Replies (3)

more options

The Primary/Master Password works locally and each (desktop) device can have its own primary password, so it is your responsibility to set this primary password on each device (mobile devices do not use the primary password). The PP is never synced to other devices because data on Sync server is encrypted locally using a key derived from the password of the Sync account before it is uploaded.

more options

Ok. This mean that the data it's decrypted when the user perform the login in the firefox account and it's not encrypted in the remote server using the master password like the majority of the passwords manager?

more options

On the remote server is all data encrypted with the password of the Firefox Account you use for Sync. This means that you first need to unlock the passwords by entering the primary password to make it possible to re-encode these logins. This way all login data on the Sync server is encrypted and not only username and password like is done locally, but also data like the URL (website) that is normally not encrypted to make it possible to check if there is a login stored and when found prompt to enter the primary password. So, the primary password works locally and each device has its own primary password and data on the Sync server is encrypted with a different password (password used for the Sync account). The password for the Sync account is stored in Lockwise as a hidden entry, i.e. it is not visible in Lockwise, but it is stored in logins.json.