When security experts mention the importance of protecting our passwords via password managers, many people believe they are already being protected thanks to the fact that most popular web browsers already have built-in password managers that can take care of the problem. Admittedly, these browser password managers are perfect for making our online lives more convenient, but considering them safe as well is a bit of an exaggeration. Firefox is a nice exception, since it is one of the few web browsers that does everything in its possession to keep our data safe while providing a simplistic yet usable password manager as well. Yet even so, while Firefox might well be safer than other browsers it is far from enough to ensure that nobody else could uncover sensitive data. Combine Firefox’s own solution with password management software and its browser extension, however, and you’ll have a perfect combination of convenience and security.
Top Firefox Password Managers
Sticky Password’s desktop app is a real powerhouse where passwords of both websites and apps are safely stored alongside various other credentials. The software supports biometric and app-based secondary authentication and it can sync data online or offline.
Sticky Password is also pretty versatile when it comes to integration with browsers, since it supports 16 of them, including Firefox. Sticky Password’s add-on effectively displays all your web account credentials, even providing the option of automated logins for each of them. The extension is pretty secure as well since it locks both itself and the software after a certain period of time, and only allows password editing in the vault of the program itself.
Sticky Password is available for free, but the unlimited version – which costs $2.50 per month with the option to upgrade to a lifetime license – can be fully trialed without paying a dime for the first 30 days.
Despite being entirely web-based, LastPass is an ideal pick for those looking for a cross-platform password management solution. Aside from keeping passwords and all sorts of other credentials in a safe environment, the app provides plenty of clever features, such as automated password categorization, the family- and team-friendly Sharing Center and the Security Challenge password evaluation tool.
The app’s Firefox extension is not just a simple add-on that displays the necessary login credentials and automatically logs you into the desired account, but it is a gate to a small command center for the LastPass vault that holds virtually all of the software’s features available, from the in-built password generator to the import/export option.
LastPass is entirely free and barely limited, but by paying only $2 per month for a premium license or $4 per month for the family version (up to 6 people) you’ll have access to extras such as unlimited sharing.
Dashlane is a simple solution with a logical interface, where all passwords and credentials are protected by the company’s own patented encryption method, though turning on extra layers of security like a custom PIN or fingerprint-based two-factor authentication via the app can further increase the protection of sensitive data. Additionally Dashlane provides one-time authentication for trusted devices, password evaluation, and password changer for the automated replacement of weak credentials.
The browser extension, which works well with Firefox, is a great way for quickly accessing and immediately logging into any website stored in the vault, but it also has a generation tool for new passwords and can also be used to launch various other features of the software, such as password changer, the security dashboard or your password history.
Dashlane has a free version, but even the Premium version – which is available for as low as $2.50 per month on a longer subscription plan – can be tested for free for the first 30 days.
Password Managers vs Firefox Password Managers
The best word to describe Firefox’s own in-built password manager is primitive, but thanks to this simplicity the use of the Firefox password manager is ridiculously easy, since all it takes is an account login for the first time for Firefox to prompt you to save the login data to its password manager. There is an option to disable this feature completely or allow for exceptions, while Firefox is also capable of storing multiple accounts associated to the same site. The most important feature, however, is the master password, with which credentials can be protected from any prying eyes.
Sadly, this primitive nature is also the biggest disadvantage of Firefox’s password manager, as other credentials – like address or bank card forms – are not even displayed. This is the reason why the use of a real password manager is recommended, since these programs can store anything from login credentials to important or sensitive notes in a secure environment. Not to mention that these password management programs all sport a handy browser extension that works the same way as Firefox’s own solution. However, the same add-on can also import every password stored in the browser as well, while also providing such extras as one-click login and password generator.
Best Password Managers of 2019
|Editor's Choice 2019|
Exporting Passwords From Firefox
Before we introduce the most popular solution that constantly pops up on Mozilla’s forums, there is one trick with which the need for password exporting can be avoided, although it does require some deeper digging into your computer’s hard drive. Select Help > Troubleshooting Information > Profile Directory and click on “Show Folder” (the button may change according to your OS), then all you need to do is locate two specific files: namely key3.db and logins.json, which store all the information needed for exporting passwords. By copying these two files onto a USB-drive and pasting them into the same folder on another computer the job is done, the passwords have been transferred over.
A more convenient approach of importing and exporting passwords and forms saved to Firefox, however, is by using the browser add-ons of various password managers that are capable of performing the tedious copy-pasting automatically. An additional solution – one that is always recommended by Firefox users – is to download the Password Exporter extension that can import and export in XML or CSV format and is capable of obfuscating usernames and passwords for added security. However, as of Firefox 57 this extension is not supported – at least until the developers have access to the necessary API.
Password Security in Firefox
Firefox is fully open source and is developed by a company that swears it never forwards any personal information to third parties without users’ permission. Because of this and since it isn’t typically a target for hackers, Firefox does not suffer many major attacks.
However, that doesn’t automatically mean countermeasures shouldn’t be taken. Like its competitors, Firefox provides many additional settings in order to make browsing more secure, such as: disabling pop-ups; blocking tracking, dangerous sites and downloads entirely; forgetting search history; and deleting cookies at the end of a session.
But by far the best feature that makes Firefox a security master when compared to its competitors is the fact that the in-built password manager is not only encrypted by an AES-256 encryption key (the aforementioned key3.db file), but it also allows users to create their own line of defense in the form of a master password. With this master password active – which should be generated and stored in the same careful manner as you would with any other password – nobody but you can access your saved credentials. In simpler words, it’s a must; just be careful when using Firefox Sync.
Firefox Sync is a free cloud-based service to sync bookmarks, history, add-ons, preferences, tabs, and passwords across your Firefox browsers. By simply logging into a Firefox account, the browser is automatically customized with your preferences in an instant, which is pretty convenient – but sadly dangerous at the same time.
Although passwords and credentials are encrypted locally and can be protected by a master password, the moment the syncing process starts this encryption is gone. Moreover, it has been confirmed that in most cases Firefox Sync is unable to import passwords from one browser to another when the master password is in use, meaning that this feature first has to be turned off to complete a syncing process.
Thankfully the whole issue can be avoided with an inconvenient yet effective method of simply locating the files with your passwords and the encryption key on your device and copy-pasting them into the Firefox library on the new device the browser will be used on.