Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics.
To be clear, this new feature does not protect against information-stealing malware but rather prevents people with physical or remote access to the device from using the stored credentials without first authenticating with the device.
Like all modern web browsers, Firefox includes a password manager to create unique passwords for every site you visit and then save them in the browser for easier logins in the future.
Google Chromium browsers, such as Google Chrome, Brave, and Microsoft Edge, have included a feature for some time that prevents anyone with local access to your device from viewing saved credentials of filling in login forms.
For example, when attempting to do so on Windows, the browser will open an operating system authentication prompt, asking the user to log in before the credentials will be accessed.
With the release of Firefox 127, Mozilla has finally added a similar feature to the browser.
"For added protection on MacOS and Windows, a device sign in (e.g. your operating system password, fingerprint, face or voice login if enabled) can be required when accessing and filling stored passwords in the Firefox Password Manager about:logins page,” reads the release notes.
Source: BleepingComputer
Unfortunately, while this protects local access to the password manager, it does not prevent information-stealing malware from stealing stored credentials from infected devices.
Credentials are stored in an encrypted format on disk but are easily decrypted using open-source tools, as the decryption key is stored in the Firefox data.
To further secure Firefox's password manager, Mozilla suggests setting a Primary Password, which is used to encrypt the password database instead.
Source: BleepingComputer
As these Primary passwords are only known to you and not stored on your computer, they cannot be exported by threat actors, tools, or malware unless they first brute force the password.
However, primary passwords can still be brute forced, so using a long and complicated password is important to make that task much harder, if not impossible, with current hardware.
Related Articles:
Google rolls back reCaptcha update to fix Firefox issues
LastPass says 12-hour outage caused by bad Chrome extension update
Apple to unveil new 'Passwords' password manager app for iPhones, Macs
LastPass is now encrypting URLs in password vaults for better security
Google rolls out Chrome fix for empty pages when switching tabs
Original Article Published at Bleeping Computer
________________________________________________________________________________________________________________________________
