As described in title. No mentioning of Firefox’s build-in password manager is given in the password manager recommandation, which mentions edge, Google Chrome, and Apple.
I’d be ok recommending it, Firefox Sync is already on the site as well.
1 Like
I am not in favour of this. There are many exfilltration attacks on browser stored passwords. If the sync is e2ee it does not mean it is stored well. Also this sync will not be as cross platform as dedicated password managers.
https://support.mozilla.org/en-US/questions/1388181
As far as I know Firefox stores the passwords in plain text in the profile folder. You can set a master password, but I am unfamiliar where in keeps the decrypted keys during a session.
4 Likes
Just checked, it does not store them in plaintext, even without a primary password.
2 Likes
Maybe its resolved. It used to be a big issue.
See here some famous groups have used such methods.
https://attack.mitre.org/techniques/T1555/003/
It still leaves the platform support. I would prefer a solution that works on all devices and is for start focussed on security.
1 Like
I did find this tool that’s supposed to try and decrypt your Firefox passwords (if you have a Primary password it just gives up), but I can’t get it to work on macOS so if anyone else wants to give it a go I’d be interested to see what your results are.
1 Like
What device support are you looking for that firefox doesn’t provide? It works on Mac, PC and Linux as well as iOS and Android. I have no idea what device you are wanting support for which firefox doesn’t have but something like AnyPass or whatever would.
1 Like
Same, it works on more platform than some cloud drive (a lot does not work on linux) used to store kpxc files. The only lack may be browser side but if the only usage is on Your device and you want to use a Built-in password manager than you’re probably using firefox. Nothing theoretical here.