How To Protect Firefox With A Master Password

Protect sensitive information such as saved passwords in Firefox by encrypting them using a master password. Like most web browsers, Firefox offers to save your login details when you log into a website for the first time. It excludes banking websites for obvious security reasons but includes online shopping sites, webmail and forums etc.

Why Save Login Details? Saving login details is useful as the next time you visit that site they will be filled in automatically – a real time saver and you don’t have to remember (and type in) dozens of different usernames and passwords to login to your favorite sites.

How To View Your Saved Login Details – You may be surprised at how many login details Firefox has already saved! Check for yourself by clicking ‘Tools’ in the Firefox menu bar, then click ‘Options’ and click the ‘Security’ tab. Now click the ‘Saved Passwords’ button.

This opens a window showing your saved websites and usernames – click the ‘Show Passwords’ button to display all your passwords too – a lot there right? Click the ‘Close’ button then ‘Cancel’ to return to Firefox.

Is There Any Risk In These Saved Login Details? Yes, it’s a security risk because those usernames and passwords (plus the website addresses they relate to) are stored on your computer without any encryption so they can be easily found and read – not just by viewing them as you did above, but by programs that can record them ‘behind the scenes’ (i.e. even when Firefox is closed).

For example, Nirsoft’s excellent PasswordFox (available to download here) is a free program that does exactly that – as shown in the screenshot below where it has found the saved usernames and passwords stored by Firefox for three major websites (examples only). PasswordFox itself is a safe program that just allows you to check, save or print your saved Firefox login password details.

However, if a virus included a similar program, it could record your saved password details and send that information back to the virus creator to abuse at a later date i.e. they have effectively stolen your online identity e.g. Facebook/email login details and your logins to online shops etc. – an invasion of your privacy and could cause all sorts of personal loss or damage.

passwordfox

How To Minimize The Risk – Firefox can protect sensitive information such as saved passwords by encrypting them using a master password.

If you create a master password, each time you start Firefox, it will ask you to enter the master password the first time it needs to access one of your stored passwords (to log into a site). And because the saved passwords are now encrypted, programs like PasswordFox will no longer be able to find out your website login username and password details :-)

How To Set Up A Master Password

  • Click ‘Tools’ in the Firefox menu bar, then click ‘Options’ and click the ‘Security’ tab
  • Tick the ‘Use A Master Password’ box
  • Type in a password and re-type it to confirm

DO NOT FORGET THIS MASTER PASSWORD or you will not be able to access any of the information protected by it i.e. you will not be able to use any of your saved login details to login to those websites!

  • Click ‘OK’ – you should see the message ‘Master Password Successfully Changed’
  • Click ‘OK’ and ‘OK’ again to return to Firefox – in future, you will need to type in your master password when prompted (just once per Firefox session) to be able to automatically login to your saved websites.

How Can I Test It Works?

If you try to view your saved passwords in the Firefox options you should now be prompted to enter your master password. Alternatively, run the PasswordFox program again and you will find that this time all the Usernames and Passwords it finds for each saved website are now blank – because they are encrypted they cannot be retrieved by viruses or someone who stole/illegally accessed your computer.

2 Responses to: "How To Protect Firefox With A Master Password"

  1. pat says:

    i use Chrome, is there a similar master password in Chrome cos i can’t find it?

  2. admin says:

    No – Google have repeatedly refused to add a master password to Chrome which is just plain stupid. There is no justification – if that is their attitude to your security we personally would avoid Chrome!

    You can search for add-ons/extensions at the Chrome web store that might help but you shouldn’t have to rely on third parties to keep your passwords safe…