Master password

From MozillaZine Knowledge Base

Revision as of 00:56, 12 January 2008; view current revision
←Older revision | Newer revision→

A Master Password protects access to your stored passwords in the Password Manager. You can access the Password Manager via "Tools > Options > Security: Passwords: Show Passwords". The use of a Master password is highly recommended to protect your passwords. Using a Master password is not selected by default. You need to set one, see "Setting a master password" below for how to do that. You can see the Master password as a way to authenticate who you are to the Software Security Device just like you do to a server on a web site: you log in to a web site and enter your credentials and you do the same if supply the Master password.

If you supply the Master password in the popup window that you see if the Master password is needed then you log in to the Software Security Device (In Firefox 2/3: "Tools > Options > Advanced > Encryption: Certificates: Security Devices: Software Security Device"). If you select the Software Security Device then you notice an enabled Log Out button if you are logged on, otherwise the Log In button is enabled in that window.
Access to the encrypted names and passwords is possible as long as you are logged on to the Software Security Device and you need to log out to prevent others from accessing that data if you leave your computer unattended. "Tools > Clear Private Data : Authenticated sessions" does the same, but also additionally will log you out of secure web sites. You may need to clear the cookies to log out of other sites.

Stored passwords can include webmail and forum account information for browsers and e-mail server passwords for mail readers. By setting a Master Password, anyone using your profile will be prompted to enter the Master Password when access to your stored passwords is needed. You will also need to setup a master password if you wish to install S/MIME certificates.

A Master Password will not prevent others from reading locally stored e-mails, reading your browsing history, or from accessing sites the browser is already logged in to. A Master Password will also not protect any passwords that were stored before the Master Password was turned on.

Setting a master password

Firefox 1.5.x and Thunderbird 1.5.x can't store international characters in Master Passwords. If you use these versions and want to use Master Passwords, use only Latin (A-Z, 0-9) characters.[1]

  • Firefox 1.5: "Tools -> Options -> Privacy -> Saved Passwords -> Set Master Password".
  • Firefox 2.0: "Tools -> Options -> Security -> Passwords".
  • Thunderbird 1.5: "Tools -> Options -> Privacy -> Passwords -> Set Master Password".
  • Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Change Password".

Removing your master password

  • Firefox 1.5: "Tools -> Options -> Privacy -> Passwords -> Remove Master Password"
  • Firefox 2.0: "Tools -> Options -> Security -> Passwords -> Uncheck "Use a master password". You will be prompted for your Master Password.
  • Thunderbird: "Tools -> Options -> Privacy -> Passwords -> Remove Master Password"

If you have lost or forgotten your Master Password or you want to disable the feature, you can reset your master password. Upon resetting, you will lose all the stored information in the Password Manager as this is a built-in security feature to prevent people from simply resetting your Master Password to gaining access to your passwords.

  • Firefox: Enter "chrome://pippki/content/resetpassword.xul" in the Location Bar, press Enter, then click "Reset"
  • Thunderbird 1.5: "Tools -> Options -> Advanced -> Saved Passwords -> Master Password -> Reset Password".
  • Thunderbird 2.0: Run the command "thunderbird.exe" -chrome chrome://pippki/content/resetpassword.xul . That will open a dialog asking you if you want to reset your password. Or, on MacOS, substitute "thunderbird.exe" with "/Applications/".
  • For Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Reset Password".


Upon initial installation, Firefox sometimes believes it has a master password in effect and the user is unable to change it using "Tools -> Options -> Privacy -> Saved Passwords -> Change Master Password" because the set master password is unknown to the user [2] [3]. This situation sometimes occurs when Mozilla Suite profile's passwords are imported into Firefox at install time. If this happens, remove your master password as explained above.