Firefox 29 synch requires master password removal to work.
So, ANYONE with access to my computer can see my passwords. Have you gone TOTALLY MAD???
The point of encrypting passwords in a file is now redundant. Plain text passwords can be seen by anyone with access to one of my machines.
Come on, how about some common sense, and restore allowing master password and sync to work ok together.
所有回复 (4)
I guess you can use a master password to protect them, go to firefox preferences then under security tab check "Use a master password" option and set a password, now only you can view the sensitive information.
Well I think this reply misses the point.
A major part of sync is that it syncs passwords. It no longer does this if you use a master password.
So the choice now is:
1. Use a master password and lose sync on passwords - not much use if you use random passwords
2. Don't use a master password and anyone who can turn my PC on can see all my usernames/passwords in plain text.
This is a major reduction in functionality. I have moved to Pale Moon for the time being as it retains the concern for security in previous FF versions.
If a master Password is enabled, Synch 'Passwords' is greyed out, and Passwords therefore can (and are) no longer synched between machines.
Sync is now USELESS...
Just a few general thoughts (even if I don't use FF sync for now)
a) isn't FF Sync SUPPOSED TO "encrypt" your sync data ? Encrypted during transfer while uploading, while downloading. So the data are useless for sniffers on your connetion "to the net", and ... when the Mozilla "vault" gets broken into, it won't be very helpful for the burglars either.
b) If a) is right, AND you keep your passwords within FF (AND behind a master PW) ... mayb you need to remove the master PW right before sync. AT THAT MOMENT (and until you reactivate MP) your passwords will indeed be vulnerable. So I guess it is wise to sync "manually" :
So I develop -guessing of course- a little plan :
1 (on your device) : open FireFox 2 Sync step: . . . . . . 2.1Enter master PW / unlock passwords . . . . . . 2.2 FF Sync (traffic between browser and sync vault should be encrypted) . . . . . . 2.3 after sync: re-enable master PW 3 Browse freely 4 Before shutdown: repeat syncstep 2 5 close browser
Yes, your passwords may ne vulnerable if your device gets hacked into DURING phase 2 or 4
Is this an acceptable risk ?
Another option may be to use another password manager. That MAY BE safer, or not. I started using xmarks (sync bookmarks between machines) and later Lastpass (sync passwords only). They seem to work. Today FF, but ONLY for FF of course. Xmarks / Lastpass CAN be used to sync on the "work" machine too, where MSIE is needed too, for pwd protected "intranet" stuff.