While they dont explicitly say that they encrypt the CC info with the password. I mean, its prob not accessible to the javascript sandbox with out your interaction, however, it seems like they are stored 'cleartext'? unless you opt in to have them protected via password. This leads me to believe that by default. Please note, this is not your Firefox Account password.
#Firefox login password#
This requires your operating system password (or authenticate using your fingerprint, face or voice login if enabled) this is usually the password used to unlock your computer. To add further protection, you can select to require authentication before autofilling the credit card information. You can also choose to password protect your credit card data for an additional layer of protection. (I asked about this issue over at the Firefox support forum but never got any response.)Īs a precaution, your CVV number is not saved. So why here and not on a Desktop computer in the Firefox browser? Is the OS authentication more secure on mobile? If anybody could enlighten me about this I'd much appreciate it. So I am wondering, is that safe? I.e., is the credit card information still encrypted, even though I can retrieve it with my TouchID (without a Primary Password)?Īnd if so, would anybody be able to explain the differences between these two approaches and why the Firefox developers might have chosen one for Logins/Passwords but the other for Credit Cards?įrom a UX perspective, it doesn't make a whole lot of sense to have two different approaches for sensitive information (other password managers treat Credit Cards and Passwords in the same way).įurthermore on Firefox Lockwise for iOS, it is possible to unlock with TouchID or FaceID. Now I am a bit confused because for storing Credit Cards the default is, of course, using OS authentication (there is no option to set a password instead). In an answer to a question about this on the Firefox support forum, user cor-el warned that using OS authentication for passwords instead of a Primary Password is actually not really safe because it doesn't encrypt logins in logins.json and it would be possible to extract them by running: prompt("Logins",JSON.stringify(())) See the two options as they show in the preferences:
Unlike with the login data, when I have that option checked, then it also asks me to authenticate when I want to fill credit card information on a website asking for it. Firefox’s Total cookie protection gives you outstanding privacy by default. When set, Firefox requires me to authenticate with that password upon opening Firefox and then it also forces me to enter it whenever I want to view, copy, or edit the passwords in about:logins (although it does not ask me to authenticate when I want to fill a password on a website asking for it).Ĭredit Card information, on the other hand, is not protected by a password, but I can ask Firefox to require OS authentication (for example, TouchID on Mac, or the computer password of the user) to view, edit, and fill that information. Firefox View lets you see your tabs open on other devices and recent history. Logins can be protected with a primary password (formerly called master password). I noticed that there are two different approaches to how Login passwords are protected and to how Credit Cards are protected. I.e.I have a question about how Firefox protects Login information (Website passwords) on the one hand and Credit Card data on the other. This seems awfully hackish and would have to be handled on a per-OS basis. My only idea at this point is to invoke a local process using nsIProcess and parse the IP from there. "data is exchanged including WiFi Access Point data, an access token (similar to a 2 week cookie), and the user's IP address"īut does not indicate an API to access the user's IP address directly. The Mozilla Developer pages on the Geolocation API mentions: My research into this has so far only turned up individuals wishing to find the ip address of loaded websites by way of DNS resolution or using Java applets) which won't be appropriate for a FF extension. This information gets communicated to a client on the local network out-of-band such that it can open a socket connection to the extension.
#Firefox login code#
I'm looking for a way for the extension code to programmatically learn the local network address of the machine running the Firefox extension. I'm writing a Firefox extension that uses nsIServerSocket to listen for socket connections.
0 kommentar(er)
