Jump to content
  • Mozilla Firefox can now secure access to passwords with device credentials


    Karlston

    • 526 views
    • 3 minutes
     Share


    • 526 views
    • 3 minutes

    Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics.

     

    To be clear, this new feature does not protect against information-stealing malware but rather prevents people with physical or remote access to the device from using the stored credentials without first authenticating with the device.

     

    Like all modern web browsers, Firefox includes a password manager to create unique passwords for every site you visit and then save them in the browser for easier logins in the future.

     

    Google Chromium browsers, such as Google Chrome, Brave, and Microsoft Edge, have included a feature for some time that prevents anyone with local access to your device from viewing saved credentials of filling in login forms.

     

    For example, when attempting to do so on Windows, the browser will open an operating system authentication prompt, asking the user to log in before the credentials will be accessed.

     

    With the release of Firefox 127, Mozilla has finally added a similar feature to the browser.

     

    "For added protection on MacOS and Windows, a device sign in (e.g. your operating system password, fingerprint, face or voice login if enabled) can be required when accessing and filling stored passwords in the Firefox Password Manager about:logins page," reads the release notes.

     

    windows-auth-device-login.jpg

    Using Windows authentication to access the Firefox password store
    Source: BleepingComputer

     

    Unfortunately, while this protects local access to the password manager, it does not prevent information-stealing malware from stealing stored credentials from infected devices.

     

    Credentials are stored in an encrypted format on disk but are easily decrypted using open-source tools, as the decryption key is stored in the Firefox data.

     

    To further secure Firefox's password manager, Mozilla suggests setting a Primary Password, which is used to encrypt the password database instead.

     

    master-password.jpg

    Setting a Primary Password in Firefox
    Source: BleepingComputer

     

    As these Primary passwords are only known to you and not stored on your computer, they cannot be exported by threat actors, tools, or malware unless they first brute force the password. 

     

    However, primary passwords can still be brute forced, so using a long and complicated password is important to make that task much harder, if not impossible, with current hardware.

     

    Source

     

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every single day for many years.

    2023: Over 5,800 news posts | 2024 (till end of May): Nearly 2,400 news posts


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...