搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Master password not needed for syncing and showing passwords in plain text. How can this be secure?

  • 1 回覆
  • 1 有這個問題
  • 3 次檢視
  • 最近回覆由 cor-el

more options

I've just made a clean windows 10 install on my main computer, and installed linux mint 18 on a virtualbox - all machines running firefox. I signed in to sync and ALL my passwords synced WITHOUT asking for the Master Password. This makes me eerie. I was even able to show passwords in plain text. Are the passwords synced to the server unencrypted, and how am I able to see the synced passwords without the Master Password?

I am not sure, but I might have set up the Master Passwords AFTER saving password (thus being unencrypted).

Best, Malte

I've just made a clean windows 10 install on my main computer, and installed linux mint 18 on a virtualbox - all machines running firefox. I signed in to sync and ALL my passwords synced WITHOUT asking for the Master Password. This makes me eerie. I was even able to show passwords in plain text. Are the passwords synced to the server unencrypted, and how am I able to see the synced passwords without the Master Password? I am not sure, but I might have set up the Master Passwords AFTER saving password (thus being unencrypted). Best, Malte

所有回覆 (1)

more options

Are you currently using a master password on some or all connected devices?

All your personal data is encrypted by using a Sync key that is derived from the password of the sync account, so all data that leaves your computer is always encrypted and only this password can decrypt this data.

Once you set a MP then already stored passwords will be encrypted with this master password. One you have entered the MP during a Firefox session like happens when you connect to Sync when Firefox is started logs you in to the Software Security Device and unlocks the password. That Firefox asks for the master password when you want to view the passwords in the Password Manager is not necessary, but is only an extra step added by the Firefox developers.