On 15 February 2015 at 02:39, Timothy Murphy <gayleard@xxxxxxxxxx> wrote: > I was rather surprised to find that I could read the passwords > stored by Mozilla/Firefox (Preferences=>Security). > I always assumed they were encrypted in some way. > Pure ignorance, I guess. > > In the past the username/password pairs were stored in signons*.txt then it was changed to use signons.sqlite and starting from Firefox 32.0 logins.json is used. AFAIU the usernames and passwords stored in those files are encrypted and the encryption key is key3.db, in the profile directory. You can see them in the password manager GUI because they were decrypted for you. Anyone who has access to your machine and consequently access to logins.json and key3.db can copy those two files to another Firefox profile or a different machine and gain access to your passwords. To guard against that you'd have to set a Master password in Firefox, which locks access to that data altogether (but it adds the inconvenience of having to enter that password every time you start Firefox). (Looks like a reasonable method to me). c.f. http://kb.mozillazine.org/Password_Manager -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
