MozillaZine

Master password

From MozillaZine Knowledge Base

Revision as of 18:35, 6 June 2007; view current revision
←Older revision | Newer revision→

A Master Password protects access to your stored passwords in your Password Manager. By setting a Master Password, a user will be prompted to enter the Master Password when access into the Password Manager's stored passwords is needed (not everytime, but as needed). For example, your webmail account login information is stored in the Password Manager (if your agree to the prompt that asks you about it). On Thunderbird and Mozilla Suite, it also protects your POP, IMAP, and SMTP server passwords. You will also need to setup a master password if you wish to install S/MIME certificates. A master password is set on a per-profile basis, so it is useful if you have many profiles on your machine or you share a machine with many profiles.

Note for Thunderbird and Mozilla Suite users: This will not prevent other users from reading any mail which is already stored in local folders, but it will prevent them from downloading new mail and sending mail from your accounts.

Note for Firefox users: In Firefox 2.0, password settings have moved to Tools/Options/Security.

Contents

Set a master password

  • For Firefox: "Tools -> Options -> Privacy -> Saved Passwords -> Set Master Password".
  • For Thunderbird ~1.5: "Tools -> Options -> Advanced -> Saved Passwords -> Master Password -> Change Password".
  • For Thunderbird 1.5: "Tools -> Options -> Privacy -> Passwords -> Set Master Password".
  • For Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Change Password".

Note: Enabling the Master Password feature will not protect any passwords that are already stored in the Password Manager. To remedy this, clear your current passwords.

Clear your stored passwords

  • For Firefox: "Tools -> Options -> Privacy -> Saved Passwords -> Clear".
  • For Thunderbird ~1.5: "Tools -> Options -> Advanced -> Saved Passwords -> View Saved Passwords -> Remove All".
  • For Thunderbird 1.5: "Tools -> Options -> Privacy -> Passwords -> View Saved Passwords -> Remove All".
  • For Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Passwords -> Manage Stored Passwords -> Remove All".

Reset your master password

If you have lost or forgotten your Master Password or you want to disable the feature, reset your master password. Note that, upon resetting, you will lose all the stored information in the Password Manager as this is a built-in security feature to prevent people otherwise resetting your master password and gaining access to your passwords.

  • For Firefox ~1.5: enter "chrome://pippki/content/resetpassword.xul" (see Chrome URLs) in the location bar and click on "Reset"
  • For Thunderbird ~1.5: "Tools -> Options -> Advanced -> Saved Passwords -> Master Password -> Reset Password".
    • At least under Windows I don't find this button. A thing that does work under Windows is starting thunderbird with "thunderbird.exe -chrome chrome://pippki/content/resetpassword.xul". That will open a dialog asking you if you want to reset your password.
  • For Mozilla Suite: "Edit -> Preferences -> Privacy & Security -> Master Passwords -> Reset Password".

If you know your Master Password you can remove it without losing your data.

  • For Firefox 1.5: "Tools -> Options ->Privacy -> Passwords -> Remove Master Password"
  • For Thunderbird 1.5: "Tools -> Options ->Privacy -> Passwords -> Remove Master Password"

Changing master password settings

On Firefox (at least), you can enter "chrome://browser/content/pref-masterpass.xul" in the Location Bar to access the user interface for changing master password settings.

NOTE: If you want to deactivate your master password but still have Firefox remember your passwords, you simply input your current password and then leave blank the 2 fields for the new password (Enter new password, Re-enter password).

Issues

Upon initial installation, Firefox sometimes believes it has a master password in effect and the user is unable to change it using "Tools -> Options -> Privacy -> Saved Passwords -> Change Master Password" because the set master password is unknown to the user [1] [2]. This situation sometimes occurs when Mozilla Suite profile's passwords are imported into Firefox at install time.

A tentative solution is to reset your master password (see above). If that doesn't help, try removing the "key3.db" file from your profile folder.

This bug report describes a problem using non-ASCII characters in master passwords. There is a patch available, but it doesn't appear to be included in v1.5.0.7 of Thunderbird or Firefox.