Mandee Rose

Mandee Rose

March 14, 2018

Firefox Built-in Password Manager is a browser-based application that provides users with the ability to store and encrypt their passwords. While Firefox’s password manager is a great tool for those who demand simplicity, it is also rather bare compared to programs like KeePass – which offer a large variety of features and security.

That being said, Firefox’s password manager is the best browser-based password manager available. In fact, at BestVPN.com, Firefox is usually our recommended browser. This is because Firefox is an open source application that doesn’t pass personal data to its parent company like many other browsers.

If you’re looking for a browser that cares about your privacy, you can combine Firefox’s password manager with our suggested add-ons and tweaks to create a highly secure browsing experience.

Visit Firefox »

Firefox Password Manager Plans & Pricing

Developed by the non-profit and open-source Mozilla Foundation, Firefox browser is completely free (password manager included). Sadly, that free password manager does have some drawbacks because you get what you pay for – or in this case – what you don’t pay for.

Firefox Password Manager Features

The Firefox Password Managers features are pretty basic:

  • Store/file web-based usernames & passwords
  • Master password encryption option
  • Import passwords from Chrome/Internet Explorer (Windows only)

Firefox’s browser-based password manager doesn’t compare to stand-alone password manager programs. For example, Firefox can’t generate strong passwords for you. If you want a password that is complex and secure, you’ll either need to think of one yourself or use a website like this one.

Secure Password Generator

What’s more,  Firefox can only store web-based passwords, which means you won’t be able to use the password manager with non-web-based programs/information.

Visit Firefox »

Is Firefox Password Manager Private and Secure?Firefox password protection

Provided you create a complex master password in addition to using the service, Firefox Password Manager should store your data securely using a 256-bit AES cipher. Unfortunately, Firefox Sync is another story.

In the past, Firefox Sync used a pretty beefy system to secure your data. However, in 2014 they officially switched to a more traditional cloud-based syncing solution. This was done to provide a better user-experience, as their past system didn’t allow users to recover or reset lost/forgotten passwords.

Now, despite Firefox Sync passwords being encrypted locally with end-to-end encryption, a key is generated from the username and password. That key is stored online by Mozilla, and can be employed by users to reset their username and/or password.

This raises some concerns, because if Mozilla can access your Firefox Sync account – technically, so can hackers. For more information on the gritty details, visit the official blog post.

With that out of the way, it is also important to know that Firefox Password Manager is a great tool for passwords that won’t make or break you if compromised. As long as you’re careful with what data you entrust to them (probably not your banking information), Firefox’s password manager is useful and convenient.

Customer Support & Interface

Firefox’s built-in password manager is part of the Firefox. For this reason, the Firefox password manager shares a common interface with the browser. You can access its settings by navigating to Preferences>Privacy & Security.

Firefox’s password manager is both a blessing and a curse when it comes to its simplicity, as it is most definitely the easiest password manager to use. On the other hand, it is a security risk if it is left on its default setting without setting a master password.

If you want to use the Firefox Password Manager to store your sensitive data, you must turn on saved passwords and activate your master password option.

Using Firefox Password Manager

Firefox Password Manager is extremely simple to use.

  1. Navigate to Preferences>Privacy & Security Firefox Preferences & Privacy, Security
  2. Under Forms & Passwords, tick the box to Use a master password Firefox Master Password Option
  3. Create a complex password or use a website to generate one

Cross-Platform Compatibility

Firefox is available across most mainstream platforms, including Windows, OSX Mac, Linux and Android/iOS. Unfortunately, Windows is currently the only OS that offers the option to import passwords from Chrome and Internet Explorer.

Other Browser-Based Password Managers

Currently, Firefox is the only browser that offers you the ability to encrypt all of your passwords with one master password. Without this option, other mainstream browser-based password managers are too much of a security risk to use.

In addition, Firefox is also open source and doesn’t pass your personal data to their parent company like other mainstream browsers do.

Firefox Password Manager Review: Conclusion

We liked

  • Automatically included in Firefox browser
  • Extremely user-friendly & convenient
  • Strong encryption for locally stored passwords

We weren’t so sure about

  • No complex password generator
  • Only works with Firefox
  • Cloud-based sync

We hated

  • Android users cannot sync to Firefox if master password is enabled

If your primary goal is to use a password manager that is user-friendly, simple and convenient, Firefox’s password manager is definitely the right choice. In addition, the Firefox Password Manager uses strong local encryption, which puts it a step above other browser-based password managers.

The biggest problem we found with this password manager is, of course, the issues that arise for Android users. If you don’t use Android, you should have no issues syncing between devices with master password enabled.

Firefox Master Password W Sync

In conclusion, if your password needs are not too advanced, Firefox’s Built-in Password Manager is definitely an option. If you’re geared more towards password managers that offer a variety of features, you’ll want to look elsewhere.

Visit Firefox »

Mandee Rose

Written by

Published on: March 14, 2018.

June 12th, 2018

I’ve been writing professionally for the last 4+ years. My two passions in life are computers and journalism. Before dedicating my time to writing, I spent two years studying Cyber Security. Now I enjoy the opportunity to combine my two greatest loves in life at BestVPN.com.

9 responses to “Firefox Built-in Password Manager Review

  1. I have Firefox 49.0.2 on a PC and the same version on an Android smartphone. Synching passwords with Masterpassword enabled works OK for me and has done for some time now.

    1. Hi Yeti42,

      Thanks for letting me know. As you can see, this article is more than a year old, and it seems things may have changed since I wrote it. When I have a moment I will re-look at Firefox’s password manager.

      1. Yeah it definitely works, although what I want to know is whether Firefox decrypts the saved passwords with the user’s master password before syncing them using their own encryption keys. Is it zero-knowledge?

        1. Hi Al,

          As noted, I have not looked into this for a while, and I am currently too snowed under with other work to do so now. That said, it is my understanding that:

          – “whether Firefox decrypts the saved passwords with the user’s master password before syncing them using their own encryption keys.” – No. Passwords are synced encrypted, and decrypted locally using your master password. The process is therefore end-to-end.
          – “Is it zero-knowledge?” Mozilla does not know your master password, but… The passwords are stored online, and a key used to secure them is generated from the username and master password. This key is also stored online by Mozilla. If a user loses or forgets their login details, this key can be used to reset their password. So not really…

  2. Great review, thanks.
    There still remains a question re default FireFox bookmark manager. If I have for example 4 email accounts all at Gmail, how will the default manager handle this?
    Many thanks
    Dan

    1. Hi Dan,

      When you go to your Gmail account and start to type in your username, a list of stored usernames beginning with the letters you typed will appear as a drop down menu. Select the username for the account you wish to access, and Firefox should autofill the correct password.

  3. I have been using LastPass and Firefox (before that, Roboform).

    Because LastPass makes me enter a master password EVERY TIME I open a browser EVEN if I’m visiting NO sites where I care at all about encryption (sites requiring a password for whatever reason of their own (forums, etc.) but have no exposure to me as far as personal or financial information goes – I never enter profiles), it is a bit aggravating to use. This means that whenever I am on the internet my master password already been entered, LastPass is open to my encrypted passwords. You can set certain sites to require an additional password entry, but it is the SAME password, NOT a different, ADDITIONAL password. They have some other, complicated and troublesome (or expensive) options to further protect passwords. To me a simple entry of a second, different self-designed key would serve the purpose, but even better would allowing storage of some passwords without encryption, so that the encryption could be used ONLY when needed (and closed immediately) and you wouldn’t have to “open” LastPass with a key EVERY TIME you opened a browser, and then surf with it “open.” It would STARTUP “open” to UNencrypted passwords and you could enter the master password only on those sites where you WANTED encrypted passwords.

    SOooo, I ALSO use Firefox WITHOUT a master password for passwords I don’t care about (such as forums, etc.), and only use LastPass for passwords I want encrypted, so I can at least surf forums and such with ease and without complications or exposure of passwords I want encrypted. This does not, of course, solve the problem of LastPass staying “open” (unless I open and close it manually) every time I use it.

    Roboform allowed storage of BOTH encrypted and non-encrypted passwords. This is a great feature. However, Roboform sold me the software years ago, with the guarantee that it was “lifetime” and that I could update AND UPGRADE in perpetuity without additional cost. Later, they simply went back on their word. I just don’t do business with liars. My current system is easy enough, and maybe LastPass (or another manager) will pick up on this and add the ability to store encrypted AND UNencrypted passwords, requiring the master password ONLY on sites you WANT encrypted.

    1. Hi AnnaSummerS,

      Personally, I prefer to use the open source KeePass . With the Passlefox extension it is integrates brilliantly with Firefox.

Leave a Reply

Your email address will not be published. Required fields are marked *