Password Manager

From MozillaZine Knowledge Base
Jump to navigationJump to search

This article was written for Firefox but may also apply to Mozilla Suite/SeaMonkey and Thunderbird, although menu sequences may differ.

Firefox includes a feature that allows you to save passwords. If you enter a password in a web form and you do not see a message asking you if you want Firefox to remember the password, make sure that "Remember passwords for sites" is enabled in "Tools -> Options -> Security / Passwords.

You can also choose to use a Master password to protect your passwords, which is highly recommended if you share your computer. See the linked article for details.

Some websites offer to keep you logged in by clicking a check box on the site. Some websites will also log you in automatically the next time if you do not log out before closing the browser.[1] These are features of the website, and will work whether or not you have saved your username and password with Firefox.

Using the Password Manager

You access the Password Manager from the Firefox menu via "Tools -> Options -> Security / Passwords".

  • Click the "Saved Passwords" button to open the "Saved Passwords" window. The "Saved Passwords" window lists the web sites and user names for your stored passwords and includes a "Show Passwords" button that lets you view your stored passwords.

If you use a Master password then Firefox has access to the passwords as long as you are logged in to the Software Security Device ("Tools > Options > Advanced > Encryption: Certificates: Security Devices: Software Security Device"). See the Master password article for details.

Deleting passwords

To delete stored passwords for web sites and user names listed in the Password Manager, open the "Saved Passwords" window (see above). Highlight (select) the items that you want to delete and click the "Remove" button (or press the Delete key). Warning: Make sure you do not click the "Remove All" button, as that will remove all the passwords, without asking for confirmation in Firefox 2 and below.


The Exceptions button in "Tools -> Options -> Security / Passwords" opens a window that lists the web domains from which you chose never to store passwords. If you later decide that you do want to store a password from a site on the Exceptions list, you will need to remove that entry. That is done in the same way you would delete a password, by highlighting the entry and clicking the "Remove" button (or pressing the Delete key).


If Firefox 3.5 or later versions do not offer to store new passwords then make sure that you are not in Private Browsing mode. This is the case if you have a "Tools > Stop Private Browsing" menu item. If that item is disabled (grayed) then you start Firefox automatically in Private Browsing mode. To see all the history settings choose Tools -> Options > Privacy, choose the setting "Firefox will: Use custom settings for history" . You will enter Private Browsing mode if you select: Tools -> Options > Privacy > History: Firefox will: "Never Remember History".

If you do not see any passwords in the Password Manager window (Show Passwords) then your passwords are probably lost. Firefox 3.5 and later versions, up to and including Firefox 31, use the file signons.sqlite to store the encrypted names and passwords. You can rename signons.sqlite to signons.sqlite.sav to make Firefox 3.5+ versions use the file signons#.txt from a previous Firefox version. Firefox 3.5 will use an existing signons#.txt if no signons.sqlite file is present in the Firefox profile folder. All Firefox versions use the same key3.db file to store the encryption key and that file need to match the signons file.

If you can't add new passwords but still see your old passwords in the Password Manager window then use the Password Exporter extension to export your current passwords and delete key3.db and delete or rename signons.sqlite and all signons#.txt files (e.g. signons3.txt) in the Profile folder - Firefox. You can also do that if you lost your Master password and the suggestions in the Master password article didn't work. You need to set a new Master password after deleting the key3.db file.

Starting in Firefox 32, signons.sqlite is no longer used and the file logins.json is used instead. You can try to force Firefox to re-import the passwords from the signons.sqlite file. First, reset the signon.importedFromSqlite preference on the about:config page to the default value, via the right-click context menu. Next, delete the "logins.json" file in the Firefox profile folder with Firefox closed. When you restart Firefox, you should have the signon.importedFromSqlite preference with the value set to "true" and you should have the passwords imported in the Password Manager, unless there may have been errors. [2] [3] [4]

Backing up and restoring passwords

Firefox stores your password data in two files: key3.db (Master Password / Encryption key) and a "signons" file (encrypted names and passwords). You can back up your passwords by making a copy of the files "key3.db" and "signons" for your Firefox version. Firefox 3.5 and later versions use signons.sqlite. [5] Starting in Firefox 32.0, the logins.json file is used instead. See Profile folder - Firefox and Profile backup for additional information.

You can use the Password Exporter or FEBE add-ons to back up your passwords.

Note: The following information was written for older versions of Firefox. Starting in Firefox 24, The Error Console became the Browser Console. Starting in Firefox 30.0 the Browser Console command line is disabled by default. For more information, see this MDN document.

You can also create a backup in JSON format with the code shown below. Copy and paste the code in the Code field in the Tools > Error Console and click the Evaluate button.

var {classes:Cc, interfaces:Ci} = Components;

var tokendb = Cc[";1"]
var token = tokendb.getInternalKeyToken();

try { token.login(true); } catch (e) { }

if (!token.needsLogin() || token.isLoggedIn()) {
 var passwordmanager = Cc[";1"]
 var signons = passwordmanager.getAllLogins({});

 for (i=0;i<signons.length;i++) {
  try {
   var host = signons[i].hostname;
   var realm = signons[i].httpRealm;
   var user = signons[i].username;
   var userf = signons[i].usernameField;
   var password = signons[i].password;
   var passwordf = signons[i].passwordField;
   var submiturl = signons[i].formSubmitURL;
   } catch(e) {}

 var json = JSON.stringify(signons);

 var fp=Cc[";1"]

 if ( == fp.returnCancel) return;

 var filoutputStream=Cc[";1"]


Entry of userid and password when requested

If the password is stored, you can start typing in the first letter(s) of the userid, or you can double-click in the userid text area, either should bring up a choice of userids. Once the userid is typed in the password will be automatically entered after you have answered request for your Master Password. The Master Password needs to be entered only once for a site during your session. If there is only one choice and you have already entered the master password during your session you may be able to just mouse over the userid.

See also

External links