Master password: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
(removed duplicate info)
(re-add paragraph Alice removed, and address her concerns by adding "or Thunderbird". I don't know if it's actually possible to Show Passwords in Tb though. Someone should check and answer on Talk.)
Line 1: Line 1:
== Simple explanation ==
It takes only fifteen seconds for a prying user sitting at your computer to see the list of all the passwords you have told Firefox or Thunderbird to save, shown plain as day. If you set a Master Password, these prying users won't be able to see the list unless they can guess your master password first. Also, Firefox won't let these prying users log into your online services unless you've already entered your master password. In summary, the use of a master password is highly recommended.
== Detailed explanation ==
A "Master Password" protects access to your stored passwords. The use of a master password is highly recommended to protect your stored passwords.  Using a master password is not selected by default;  you will need to set one in the [[Password Manager]], as explained below under [[#Setting a master password|Setting a master password]].  You can view using a master password as a way to authenticate who you are to the ''Software Security Device'', just as you do with a server on a web site: you log into a web site and enter your credentials and you do the same if supplying the master password.
A "Master Password" protects access to your stored passwords. The use of a master password is highly recommended to protect your stored passwords.  Using a master password is not selected by default;  you will need to set one in the [[Password Manager]], as explained below under [[#Setting a master password|Setting a master password]].  You can view using a master password as a way to authenticate who you are to the ''Software Security Device'', just as you do with a server on a web site: you log into a web site and enter your credentials and you do the same if supplying the master password.   
A "Master Password" protects access to your stored passwords. The use of a master password is highly recommended to protect your stored passwords.  Using a master password is not selected by default;  you will need to set one in the [[Password Manager]], as explained below under [[#Setting a master password|Setting a master password]].  You can view using a master password as a way to authenticate who you are to the ''Software Security Device'', just as you do with a server on a web site: you log into a web site and enter your credentials and you do the same if supplying the master password.   


Line 10: Line 18:


==Setting a master password==
==Setting a master password==
''Firefox 1.5.x and Thunderbird 1.5.x can't store international characters in master passwords. If you use these versions and want to use a master password, use only Latin (A-Z, 0-9) characters.[https://bugzilla.mozilla.org/show_bug.cgi?id=252436]''
''Firefox 1.5.x and Thunderbird 1.5.x can't store international characters in master passwords. If you use these versions and want to use a master password, use only Latin (A-Z, 0-9) characters.[https://bugzilla.mozilla.org/show_bug.cgi?id=252436]''


Line 20: Line 29:


===Changing your master password===
===Changing your master password===
*Firefox 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Passwords -> Change Master Password"  
*Firefox 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Passwords -> Change Master Password"  
*Firefox 2 and above:  "Tools -> Options -> Security / Passwords -> Change Master Password"
*Firefox 2 and above:  "Tools -> Options -> Security / Passwords -> Change Master Password"
Line 26: Line 36:


===Removing your master password===
===Removing your master password===
* Firefox 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Passwords -> Remove Master Password"
* Firefox 1.5: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Passwords -> Remove Master Password"
* Firefox 2 and above: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Security / Passwords -> Uncheck "Use a master password". You will be prompted for your Master Password.
* Firefox 2 and above: "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Security / Passwords -> Uncheck "Use a master password". You will be prompted for your Master Password.
Line 31: Line 42:


==Resetting the master password==
==Resetting the master password==
If you have lost or forgotten your master password or you want to disable the feature, you can reset the master password.  '''Resetting the master password will remove all stored password information.'''  Upon resetting, you will lose all the stored information in the Password Manager, as this is a built-in security feature to prevent people from simply resetting your Master Password to gain access to your passwords.   
If you have lost or forgotten your master password or you want to disable the feature, you can reset the master password.  '''Resetting the master password will remove all stored password information.'''  Upon resetting, you will lose all the stored information in the Password Manager, as this is a built-in security feature to prevent people from simply resetting your Master Password to gain access to your passwords.   


Line 42: Line 54:


==External links==
==External links==
*[http://support.mozilla.com/kb/Protecting+stored+passwords+using+a+master+password Protecting stored passwords using a master password (Firefox Support)]
*[http://support.mozilla.com/kb/Protecting+stored+passwords+using+a+master+password Protecting stored passwords using a master password (Firefox Support)]
*[http://support.mozilla.com/kb/Forgot+my+master+password Forgot my master password (Firefox Support)]
*[http://support.mozilla.com/kb/Forgot+my+master+password Forgot my master password (Firefox Support)]

Revision as of 06:43, 22 December 2009

Simple explanation

It takes only fifteen seconds for a prying user sitting at your computer to see the list of all the passwords you have told Firefox or Thunderbird to save, shown plain as day. If you set a Master Password, these prying users won't be able to see the list unless they can guess your master password first. Also, Firefox won't let these prying users log into your online services unless you've already entered your master password. In summary, the use of a master password is highly recommended.

Detailed explanation

A "Master Password" protects access to your stored passwords. The use of a master password is highly recommended to protect your stored passwords. Using a master password is not selected by default; you will need to set one in the Password Manager, as explained below under Setting a master password. You can view using a master password as a way to authenticate who you are to the Software Security Device, just as you do with a server on a web site: you log into a web site and enter your credentials and you do the same if supplying the master password.

A "Master Password" protects access to your stored passwords. The use of a master password is highly recommended to protect your stored passwords. Using a master password is not selected by default; you will need to set one in the Password Manager, as explained below under Setting a master password. You can view using a master password as a way to authenticate who you are to the Software Security Device, just as you do with a server on a web site: you log into a web site and enter your credentials and you do the same if supplying the master password.

If you supply the Master Password in the popup window that you see if a master password is needed, then you log in to the Software Security Device (In Firefox 2 and above: "Tools > Options > Advanced > Encryption: Certificates: Security Devices: Software Security Device"). If you select the Software Security Device then you notice an enabled "Log Out" button if you are logged on, otherwise the "Log In" button is enabled in that window. Access to the encrypted names and passwords is possible as long as you are logged on to the Software Security Device and you need to log out to prevent others from accessing that data if you leave your computer unattended. "Tools > Clear Private Data : Authenticated sessions" does the same, but also additionally will log you out of secure web sites. You may need to clear the cookies to log out of other sites.

Stored passwords can include webmail and forum account information for browsers and e-mail server passwords for mail readers. By setting a Master Password, anyone using your profile will be prompted to enter the master password when access to your stored passwords is needed. You will also need to setup a master password if you wish to install S/MIME certificates.

A master password will not prevent others from reading locally stored e-mails, reading your browsing history, or from accessing sites the browser is already logged in to.

Setting a master password

Firefox 1.5.x and Thunderbird 1.5.x can't store international characters in master passwords. If you use these versions and want to use a master password, use only Latin (A-Z, 0-9) characters.[1]

  • Firefox 1.5: "Tools -> Options -> Privacy -> Saved Passwords -> Set Master Password"
  • Firefox 2 and above: "Tools -> Options -> Security / Passwords -> Use a master password"
  • Thunderbird: "Tools -> Options -> Privacy -> Passwords -> Set Master Password"
  • Mozilla Suite/SeaMonkey: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Change Password"

Make sure that you are able to remember or otherwise retrieve the master password you choose. For security reasons, you will need to supply your current master password before you can change or remove it.

Changing your master password

  • Firefox 1.5: "Tools -> Options -> Privacy -> Passwords -> Change Master Password"
  • Firefox 2 and above: "Tools -> Options -> Security / Passwords -> Change Master Password"
  • Thunderbird: "Tools -> Options -> Privacy -> Passwords -> Change Master Password" (not shown unless a master password is set)
  • Mozilla Suite/SeaMonkey: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Change Password"

Removing your master password

  • Firefox 1.5: "Tools -> Options -> Privacy -> Passwords -> Remove Master Password"
  • Firefox 2 and above: "Tools -> Options -> Security / Passwords -> Uncheck "Use a master password". You will be prompted for your Master Password.
  • Thunderbird: "Tools -> Options -> Privacy -> Passwords -> Remove Master Password"

Resetting the master password

If you have lost or forgotten your master password or you want to disable the feature, you can reset the master password. Resetting the master password will remove all stored password information. Upon resetting, you will lose all the stored information in the Password Manager, as this is a built-in security feature to prevent people from simply resetting your Master Password to gain access to your passwords.

For Firefox, you can also look at the Troubleshooting section of the Password Manager article.

  • Firefox: Enter chrome://pippki/content/resetpassword.xul into the Location Bar (address bar), press the "Enter" key and click "Reset".
  • Thunderbird 1.5: "Tools -> Options -> Advanced -> Saved Passwords -> Master Password -> Reset Password".
  • Thunderbird 2: Choose Tools – Error Console, paste the expression: openDialog("chrome://pippki/content/resetpassword.xul") and press the Evaluate button. That will open a dialog asking you if you want to reset your password.
  • Mozilla Suite/SeaMonkey: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Reset Password".

Note: Upon initial installation, Firefox sometimes believes it has a master password in effect and the user is unable to change or remove it because the set master password is unknown to the user [2]. This situation sometimes occurs when a Mozilla Suite/SeaMonkey profile's passwords are imported into Firefox at install time. If this happens, reset the master password as explained above.

External links