Master password: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
(bring up to date)
Line 1: Line 1:
{{update}}
A Master Password protects access to your stored passwords in the Password Manager. Stored passwords can include webmail and forum account information for browsers and e-mail server passwords for mail readers. By setting a Master Password, anyone using your profile will be prompted to enter the Master Password when access to your stored passwords is needed. You will also need to setup a master password if you wish to install [[wikipedia:S/MIME | S/MIME]] certificates.


A Master Password protects access to your stored passwords in your Password Manager. By setting a Master Password, a user will be prompted to enter the Master Password when access into the Password Manager's stored passwords is needed (not everytime, but as needed). For example, your webmail account login information is stored in the Password Manager (if your agree to the prompt that asks you about it). On [[Thunderbird]] and [[Mozilla Suite]], it also protects your [[wikipedia:POP|POP]], [[wikipedia:IMAP|IMAP]], and [[wikipedia:SMTP|SMTP]] server passwords. You will also need to setup a master password if you wish to install [[wikipedia:S/MIME | S/MIME]] certificates. A master password is set on a per-profile basis, so it is useful if you have many profiles on your machine or you share a machine with many profiles.
A Master Password will not prevent others from reading locally stored e-mails, reading your browsing history, or from accessing sites the browser is already logged in to. A Master Password will also not protect any passwords that were stored before the Master Password was turned on.


''Note for Thunderbird and Mozilla Suite users:'' This will not prevent other users from reading any mail which is already stored in local folders, but it will prevent them from downloading new mail and sending mail from your accounts.
==Setting a master password==
''Firefox 1.5.x and Thunderbird 1.5.x can't store international characters in Master Passwords. If you use these versions and want to use Master Passwords, use only Latin (A-Z, 0-9) characters.[https://bugzilla.mozilla.org/show_bug.cgi?id=252436]''


''Note for Firefox users:'' In Firefox 2.0, password settings have moved to '''Tools/Options/Security'''.
* Firefox 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Saved Passwords -> Set Master Password".
* Firefox 2.0: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Security -> Passwords".
* Thunderbird 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Passwords -> Set Master Password".
* Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Change Password".


==Set a master password==
==Removing your master password==
* For Firefox: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Saved Passwords -> Set Master Password".
* Firefox 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Passwords -> Remove Master Password"
* For Thunderbird ~1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Saved Passwords -> Master Password -> Change Password".
* Firefox 2.0: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Security -> Passwords -> Uncheck "Use a master password". You will be prompted for your Master Password.
* For Thunderbird 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Passwords -> Set Master Password".
* Thunderbird: "Tools -> Options -> Privacy -> Passwords -> Remove Master Password"
* For Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Change Password".


'''Note:''' Enabling the Master Password feature will not protect any passwords that are already stored in the Password Manager. To remedy this, clear your current passwords.
If you have lost or forgotten your Master Password or you want to disable the feature, you can reset your master password. Upon resetting, you will lose all the stored information in the Password Manager as this is a built-in security feature to prevent people from simply resetting your Master Password to gaining access to your passwords.


==Clear your stored passwords==
* Firefox: Enter "chrome://pippki/content/resetpassword.xul" in the Location Bar, press Enter, then click "Reset"
* For Firefox: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Saved Passwords -> Clear".
* Thunderbird 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Saved Passwords -> Master Password -> Reset Password".  
* For Thunderbird ~1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Saved Passwords -> View Saved Passwords -> Remove All".
* Thunderbird 2.0: Run the command "thunderbird.exe -chrome chrome://pippki/content/resetpassword.xul". That will open a dialog asking you if you want to reset your password.
* For Thunderbird 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Passwords -> View Saved Passwords -> Remove All".
* For Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Passwords -> Manage Stored Passwords -> Remove All".
 
==Reset your master password==
If you have lost or forgotten your Master Password or you want to disable the feature, reset your master password. Note that, upon resetting, you will lose all the stored information in the Password Manager as this is a built-in security feature to prevent people otherwise resetting your master password and gaining access to your passwords.
* For Firefox ~1.5: enter "chrome://pippki/content/resetpassword.xul" (see [[Chrome URLs]]) in the location bar and click on "Reset"
* For Thunderbird ~1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Advanced -> Saved Passwords -> Master Password -> Reset Password".
** At least under Windows I don't find this button. A thing that does work under Windows is starting thunderbird with "thunderbird.exe -chrome chrome://pippki/content/resetpassword.xul". That will open a dialog asking you if you want to reset your password.
* For Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Reset Password".
* For Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Reset Password".
If you know your Master Password you can remove it without losing your data.
* For Firefox 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] ->Privacy -> Passwords -> Remove Master Password"
* For Thunderbird 1.5: "Tools -> Options ->Privacy -> Passwords -> Remove Master Password"
==Changing master password settings==
On Firefox (at least), you can enter "chrome://browser/content/pref-masterpass.xul" in the [[:Category:Location Bar|Location Bar]] to access the user interface for changing master password settings.
'''NOTE''': If you want to deactivate your master password but still have Firefox remember your passwords, you simply input your current password and then leave blank the 2 fields for the new password (Enter new password, Re-enter password).


==Issues==
==Issues==
Upon initial installation, Firefox sometimes believes it has a master password in effect and the user is unable to change it using "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Saved Passwords -> Change Master Password" because the set master password is unknown to the user [http://forums.mozillanews.org/index.php?board=4;action=display;threadid=435] [http://forums.mozillazine.org/viewtopic.php?t=110487]. This situation sometimes occurs when Mozilla Suite profile's passwords are imported into Firefox at install time.
Upon initial installation, Firefox sometimes believes it has a master password in effect and the user is unable to change it using "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Saved Passwords -> Change Master Password" because the set master password is unknown to the user [http://forums.mozillanews.org/index.php?board=4;action=display;threadid=435] [http://forums.mozillazine.org/viewtopic.php?t=110487]. This situation sometimes occurs when Mozilla Suite profile's passwords are imported into Firefox at install time. If this happens, remove your master password as explained above.
 
A tentative solution is to reset your master password (see above). If that doesn't help, try removing the "key3.db" file from your [[profile folder]].
 
This [https://bugzilla.mozilla.org/show_bug.cgi?id=252436 bug report] describes a problem using non-ASCII characters in master passwords. There is a patch available, but it doesn't appear to be included in v1.5.0.7 of Thunderbird or Firefox.


[[Category:Issues (Firefox)]]
[[Category:Issues (Firefox)]]
[[Category:Privacy and security]]
[[Category:Privacy and security]]
[[Category:Privacy and security (Thunderbird)]]
[[Category:Privacy and security (Thunderbird)]]

Revision as of 21:22, 11 June 2007

A Master Password protects access to your stored passwords in the Password Manager. Stored passwords can include webmail and forum account information for browsers and e-mail server passwords for mail readers. By setting a Master Password, anyone using your profile will be prompted to enter the Master Password when access to your stored passwords is needed. You will also need to setup a master password if you wish to install S/MIME certificates.

A Master Password will not prevent others from reading locally stored e-mails, reading your browsing history, or from accessing sites the browser is already logged in to. A Master Password will also not protect any passwords that were stored before the Master Password was turned on.

Setting a master password

Firefox 1.5.x and Thunderbird 1.5.x can't store international characters in Master Passwords. If you use these versions and want to use Master Passwords, use only Latin (A-Z, 0-9) characters.[1]

  • Firefox 1.5: "Tools -> Options -> Privacy -> Saved Passwords -> Set Master Password".
  • Firefox 2.0: "Tools -> Options -> Security -> Passwords".
  • Thunderbird 1.5: "Tools -> Options -> Privacy -> Passwords -> Set Master Password".
  • Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Change Password".

Removing your master password

  • Firefox 1.5: "Tools -> Options -> Privacy -> Passwords -> Remove Master Password"
  • Firefox 2.0: "Tools -> Options -> Security -> Passwords -> Uncheck "Use a master password". You will be prompted for your Master Password.
  • Thunderbird: "Tools -> Options -> Privacy -> Passwords -> Remove Master Password"

If you have lost or forgotten your Master Password or you want to disable the feature, you can reset your master password. Upon resetting, you will lose all the stored information in the Password Manager as this is a built-in security feature to prevent people from simply resetting your Master Password to gaining access to your passwords.

  • Firefox: Enter "chrome://pippki/content/resetpassword.xul" in the Location Bar, press Enter, then click "Reset"
  • Thunderbird 1.5: "Tools -> Options -> Advanced -> Saved Passwords -> Master Password -> Reset Password".
  • Thunderbird 2.0: Run the command "thunderbird.exe -chrome chrome://pippki/content/resetpassword.xul". That will open a dialog asking you if you want to reset your password.
  • For Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Reset Password".

Issues

Upon initial installation, Firefox sometimes believes it has a master password in effect and the user is unable to change it using "Tools -> Options -> Privacy -> Saved Passwords -> Change Master Password" because the set master password is unknown to the user [2] [3]. This situation sometimes occurs when Mozilla Suite profile's passwords are imported into Firefox at install time. If this happens, remove your master password as explained above.