←back to thread

Firefox-Passwords-Decryptor: Extracts and decrypts passwords saved in Firefox

(github.com)
95 points thunderbong | 1 comments | 22 Oct 24 04:23 UTC | HN request time: 0s | source
Show context
reddalo ◴[22 Oct 24 07:20 UTC] No.41911976[source]
Is it even safe to use browser-integrated password managers? I think they're so much easier to use than external solutions such as KeepassXC, but if it's so easy to decrypt their databases...
replies(5): >>41912021 #>>41912023 #>>41912226 #>>41912321 #>>41913160 #
eesmith ◴[22 Oct 24 07:29 UTC] No.41912023[source]
What is your risk model? An attacker who can install cameras in your house to see your PIN/password? An attacker with a blunt object and the clear intent to harm you if you don't unlock your phone? Your spouse who you trust enough to loan your device to look at a cat pic?
replies(2): >>41912040 #>>41912107 #
reddalo ◴[22 Oct 24 07:33 UTC] No.41912040[source]
My threat model is accidentally installing malware that reads the database of my passwords. I trust my KeepassXC database because I use a strong and long password, so even if malware can read my KeepassXC file, it won't be able to extract the passwords. I feel like Firefox is not as safe.
replies(3): >>41912050 #>>41912108 #>>41912591 #
gruez ◴[22 Oct 24 09:22 UTC] No.41912591[source]
>I trust my KeepassXC database because I use a strong and long password, so even if malware can read my KeepassXC file, it won't be able to extract the passwords. I feel like Firefox is not as safe.

You can set a "primary password" for firefox's password manager, meaning that you first have to enter a password before you can access the stored passwords. That should provide equivalent security to using KeepassXC.

replies(1): >>41912950 #
1. reddalo ◴[22 Oct 24 10:33 UTC] No.41912950[source]
> You can set a "primary password" for firefox's password manager

Wow. I've been using Firefox for 18+ years and I've never knew about this feature! Thanks!