How to protect sensitive information such as saved passwords in Firefox by encrypting them using a Master Password.
Like most web browsers, Firefox offers to save your login details when you log into a website for the first time. It excludes banking websites for obvious security reasons but includes online shopping sites, webmail, Facebook and forums etc.
Why Save Login Passwords?
Saving login passwords can be very useful as the next time you visit that site they will be filled in automatically – a real time saver and you don’t have to remember (and type in) dozens of different usernames and passwords to login to your favorite websites.
If you are using strong passwords (and you should, to avoid them being hacked) then you could write them all down and type the password into a website every time you logon…
But the easiest way to work with strong passwords is to use a Password Manager and let it remember them all for you.
How To View Your Saved Login Details
You may be surprised at how many login details Firefox has already saved for you! Check for yourself by clicking the 3 bar Menu icon in the Firefox menu bar, then click ‘Options’ and click the ‘Privacy and Security’ tab on the left.
Under ‘Logins and Passwords’ click the ‘Saved Logins’ button. This opens a popup showing your saved websites and usernames – click the ‘Show Passwords’ button to display all your passwords too – a lot there right? Click the ‘Close’ button to return to Firefox.
Is There Any Risk In These Saved Login Details?
Yes, it’s a security risk because those usernames and passwords (plus the website addresses they relate to) are stored on your computer without any encryption so they can be easily found and read – not just by viewing them as you did above, but by programs that can record them ‘behind the scenes’ (even when Firefox is closed).
For example, Nirsoft’s excellent PasswordFox (available to download here) is a free program that does exactly that.
As shown in the screenshot below, it has found the saved usernames and passwords stored by Firefox for three major websites (examples only). PasswordFox itself is a safe program that just allows you to see, save or print your saved Firefox login password details.
However, if a virus or hacker included a similar program, they could record your saved password details and send that information back to them to abuse at a later date
I.e. they could effectively steal your online identity e.g. Facebook and email login details and your logins to online shops – an invasion of your privacy which could cause all sorts of personal loss or damage.
How To Minimize The Risk
Firefox can protect sensitive information such as saved passwords by encrypting them using a Master Password.
If you create a master password, each time you start Firefox, it will ask you to enter the master password the first time it needs to access one of your stored passwords (to log into a site).
And because the saved passwords are now encrypted, programs similar to PasswordFox will no longer be able to find out your website login username and password details :-)
How To Set Up A Firefox Master Password
Click the 3 bar Menu icon in the Firefox menu bar, then click ‘Options’ and click the ‘Privacy and Security’ tab on the left.
Under ‘Logins and Passwords’ tick the ‘Use A Master Password’ button. This opens a popup allowing you to set a Master Password.
- Type in a strong password and re-type it to confirm
DO NOT FORGET THIS MASTER PASSWORD or you will not be able to access any of the information protected by it i.e. you will not be able to use any of your saved login details to login to those websites!
- Click ‘OK’ – you should see the message ‘Master Password Successfully Changed’
- Click ‘OK’ to return to Firefox – in future, you will need to type in your master password when prompted (just once per Firefox session) to be able to automatically login to your saved websites.
How Can I Test The New Firefox Master Password?
If you try to view your saved passwords in Firefox Options you should now be prompted to enter your master password, otherwise you won’t be able to view them.
Alternatively, run the PasswordFox program again and you will find that this time all the Usernames and Passwords it finds for each saved website are now blank, because they are encrypted – this means they cannot be retrieved by viruses or a hacker who stole or illegally accessed your computer.