So I am wondering, is that safe? I.e., is the credit card information still encrypted, even though I can retrieve it with my TouchID (without a Primary Password)?Īnd if so, would anybody be able to explain the differences between these two approaches and why the Firefox developers might have chosen one for Logins/Passwords but the other for Credit Cards?įrom a UX perspective, it doesn't make a whole lot of sense to have two different approaches for sensitive information (other password managers treat Credit Cards and Passwords in the same way).įurthermore on Firefox Lockwise for iOS, it is possible to unlock with TouchID or FaceID. Now I am a bit confused because for storing Credit Cards the default is, of course, using OS authentication (there is no option to set a password instead). In an answer to a question about this on the Firefox support forum, user cor-el warned that using OS authentication for passwords instead of a Primary Password is actually not really safe because it doesn't encrypt logins in logins.json and it would be possible to extract them by running: prompt("Logins",JSON.stringify(())) See the two options as they show in the preferences: Unlike with the login data, when I have that option checked, then it also asks me to authenticate when I want to fill credit card information on a website asking for it.
When set, Firefox requires me to authenticate with that password upon opening Firefox and then it also forces me to enter it whenever I want to view, copy, or edit the passwords in about:logins (although it does not ask me to authenticate when I want to fill a password on a website asking for it).Ĭredit Card information, on the other hand, is not protected by a password, but I can ask Firefox to require OS authentication (for example, TouchID on Mac, or the computer password of the user) to view, edit, and fill that information. Logins can be protected with a primary password (formerly called master password). I noticed that there are two different approaches to how Login passwords are protected and to how Credit Cards are protected.
I have a question about how Firefox protects Login information (Website passwords) on the one hand and Credit Card data on the other.
0 kommentar(er)
