Join us and the lead editor of IRL, Mozilla's multi-award-winning podcast, for a behind-the-scenes look at the pod and to contribute your ideas for the next season, themed: "AI and ME." Mark your calendar and join our Community Call on Wednesday, Aug 7, 17:00–17:45 UTC. See you there!

Avatar for Username

Mozilla サポートの検索

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

詳しく学ぶ

Password security

  • 2 件の返信
  • 0 人がこの問題に困っています
  • 最後の返信者: Ian Smith

Ian Smith
Ian Smith
more options

OK - I must be missing something. On my previous browser, Opera, if I wanted to see details of my passwords then I needed to put in the computer password, so keeping them quite secure. However, Firefox seems to let anyone using the browser to access the full details of all my passwords, even offering to copy them! This has to be the most insecure approach possible - surely this can't be correct, can it?

OK - I must be missing something. On my previous browser, Opera, if I wanted to see details of my passwords then I needed to put in the computer password, so keeping them quite secure. However, Firefox seems to let '''anyone''' using the browser to access the full details of all my passwords, even offering to copy them! This has to be the most insecure approach possible - surely this can't be correct, can it?

選ばれた解決策

The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The primary password encypts the key stored in key4.db and thus add an extra security level. If you do not use a primary password then having access to key4.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.

この回答をすべて読む 👍 1

すべての返信 (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

選ばれた解決策

The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key4.db file. The primary password encypts the key stored in key4.db and thus add an extra security level. If you do not use a primary password then having access to key4.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.

役に立ちましたか?

Ian Smith
Ian Smith 質問者
more options

I confess, I'm astonished that the default is to allow anyone using the browser to be able to access all password info. This browser is really not suitable for the general public, IMHO.

役に立ちましたか?

質問する

投稿に返信するには あなたのアカウントにログイン する必要があります。まだアカウントをお持ちでなければ、新しい質問を開始 してください。