Do you think it is safe to store your password in Firefox?
Does Mozilla Firefox store your password safely?
My answer is “No”.
For Admin It’s easy to check your saved password in Mozilla Firefox’s. Simply goto the password section.
One file called logins.json has passwords in encrypted format, which we can decrypt with one tool.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epuluxz2.default-release
We can open it with Notepad.
Prerequisite:
- Python
- Git
- For details on how to download and install Python, check the tutorials for details.
- For Download Git for Windows refer below link to download.
http://checkpointengineer.com/how-to-install-python/
Open your Windows CMD or Powershell to run the below command to clone a repository from GitHub (unode/firefox_decrypt).
git clone https://github.com/unode/firefox_decrypt.git
You can extract passwords from Mozilla profiles with Firefox Decrypt.
You can use it to recover passwords from a profile protected by a Master Password.
Passwords are displayed without a prompt if a profile isn’t protected by a Master Password.
- First, create one directory and then go to that directory and run ls command to check firefox_decrypt directory is there or not.
- Then go to the firefox_decrypt directory by running command cd firefox_decrypt.
- Again run ls command to check the list of existing files inside that firefox_decrypt directory.
python firefox_decrypt.py -f tabular
Press 2Yes as we can get both username and password.
Now how can we protect ourselves?
Go to Settings >> Privacy & Security >> Check mark use a Primary Password
Set a password so someone is not able to get the password by a prompt.
