Firefox 79 prepares a function to export stored passwords ... and right now nothing is cool

Pablinux

2 minutes

Lockwise and Firefox 77 password backup

This Tuesday, June 2, Mozilla He launched Firefox 77 and uploaded Firefox 78 to the beta channel and Firefox 79 to the Nightly channel. At the moment, and like every time they launch a new Nightly version, Mozilla has not officially mentioned many of the functions that will come with this delivery of their browser, but we do know that they are preparing something that, personally and how it is implemented right now on Linux, I don't like it at all.

The function I am talking about is one that will allow to export our credentials to a CSV file. At first and explained like this, it seems that there is no problem. But the truth is that there is, since, we insist that this is the case at the time of writing this article, anyone who knows how to export our username / password will be able to make a backup copy of all our credentials and take them with them wherever they want. All you need is to have physical access to our Firefox.

Firefox 79 password backup needs improvement on Linux

Before continuing to talk about the problem or what I consider a security failure, let's talk about how we can make the backup:

  1. We make sure that we are using Firefox 79. Currently it is only available in the channel Nightly.
  2. In the URL bar, we enter "about: logins" without the quotes. This will open the Firefox password keychain, also known as Lockwise.
  3. Next, we click on the three dots next to our avatar.

Export logins

  1. We choose the option «Export logins ...».
  2. We accept the notice by clicking on "Export".

Export passwords in Firefox 77

  1. We indicate a name and a path to save the file and that would be it. The file can be opened with any software that supports CSV files, such as LibreOffice Calc.

As we have explained, it is a dangerous function because anyone who knows how to do it and uses our Firefox can steal all of our passwords. In my opinion, Mozilla should improve this, for example, by forcing us to set a password to be able to access Lockwise, or at least to be able to export passwords. Most likely, in order to export them we will have to enter the password of our user (from the operating system), something that is already happening in the Windows version.

If the time comes, Firefox 79 includes the function as it is now in Linux and you are worried that your passwords will be stolen, you can always go to the hamburger / Preferences / Privacy and security and configure a master password in the "Use a master password" section, without which we will not be able to do practically anything, including exporting all our credentials to the mentioned CSV file. I am convinced that Mozilla will fix this on Linux too and that this feature will be useful without being dangerous. Or so I hope.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Logan said
    ago 4 years

    It is similar to what Opera does by allowing export to csv.
    Rather than allowing it to be exported without Lockwise ... some degree of encryption is needed, which I think is the next step.

    Reply to Logan