Summary: Mozilla Firefox now allows users to enhance the security of their stored credentials by requiring device authentication before accessing them.
Threat Actor: N/A
Victim: N/A
Key Point:
- Mozilla Firefox has introduced a new feature that requires users to authenticate with their device’s login, such as a password, fingerprint, or PIN, before accessing stored credentials in the browser’s password manager.
- This feature adds an extra layer of protection against unauthorized access to saved passwords, especially for users who share their devices or have remote access to them.
- This feature is similar to the one already available in Google Chromium browsers like Google Chrome, Brave, and Microsoft Edge.
The content:
Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser’s password manager using your device’s login, including a password, fingerprint, PIN, or other biometrics.
To be clear, this new feature does not protect against information-stealing malware but rather prevents people with physical or remote access to the device from using the stored credentials without first authenticating with the device.
Like all modern web browsers, Firefox includes a password manager to create unique passwords for every site you visit and then save them in the browser for easier logins in the future.
Google Chromium browsers, such as Google Chrome, Brave, and Microsoft Edge, have included a feature for some time that prevents anyone with local access to your device from viewing saved credentials or filling in login forms.
For example, when attempting to do so on Windows, the browser will open an operating system authentication prompt, asking the user to log in before the credentials can be accessed.
With the release of Firefox 127, Mozilla has finally added a similar feature to the browser.
“For added protection on MacOS and Windows, a device sign in (e.g. your operating system password, fingerprint, face or voice login if enabled) can be required when accessing and filling stored passwords in the Firefox Password Manager about:logins page,” reads the release notes.

Source: BleepingComputer
Unfortunately, while this protects local access to the password manager, it does not prevent information-stealing malware from stealing stored credentials from infected devices.
Credentials are stored in an encrypted format on disk but are easily decrypted using open-source tools, as the decryption key is stored in the Firefox data.
To further secure Firefox’s password manager, Mozilla suggests setting a Primary Password, which is used to encrypt the password database instead.

As these Primary Passwords are only known to you and not stored on your computer, they cannot be exported by threat actors, tools, or malware unless they first brute-force the password.
However, Primary Passwords can still be brute-forced, so using a long and complicated password is important to make that task much harder, if not impossible, with current hardware.
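The difference between a key that sits in the profile data and a key protected by a Primary Password can be shown with a simplified model. This is an added example, not code from the article or from Mozilla, and it does not reproduce Firefox's real storage format; the function names, the toy cipher and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib, hmac, os

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def _kdf(password: str, salt: bytes, rounds: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def create_profile(logins: bytes, primary_password: str = "", rounds: int = 100_000) -> dict:
    """Return everything that lands on disk; the Primary Password is never written."""
    master_key, salt = os.urandom(32), os.urandom(16)
    wrap_key = _kdf(primary_password, salt, rounds)  # empty string = no Primary Password
    return {
        "salt": salt, "rounds": rounds,
        "wrapped_key": _xor_stream(wrap_key, master_key),
        "key_check": hmac.new(master_key, b"check", hashlib.sha256).digest(),
        "logins": _xor_stream(master_key, logins),
    }

def unlock(profile: dict, password: str = ""):
    """Recover the logins from the on-disk data plus a password, or return None."""
    wrap_key = _kdf(password, profile["salt"], profile["rounds"])
    master_key = _xor_stream(wrap_key, profile["wrapped_key"])
    check = hmac.new(master_key, b"check", hashlib.sha256).digest()
    if not hmac.compare_digest(check, profile["key_check"]):
        return None  # wrong password: the key-check value does not match
    return _xor_stream(master_key, profile["logins"])

def files_alone_suffice(profile: dict) -> bool:
    """True when a copy of the profile is enough to read the logins (no secret needed)."""
    return unlock(profile, "") is not None
```

In this model a profile created without a Primary Password is readable by anyone holding a copy of it, while one created with a Primary Password is only as strong as that password and the cost of each key-derivation attempt.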