A place to discuss the news and latest developments on the open-source browser Firefox
I highly recommend switching to a 3rd party app for passwords, payment info, etc. I know Bitwarden is a trusted app with a free tier that can import from chrome.
It’s more secure than chrome or Firefox “vaults” and it’s backed up online and synced between devices automatically. It also doesn’t tie you to one browser. There are apps for iOS, android, windows, macOS, and Linux plus plugins for all major browsers.
This is the correct answer. The bitwarden extension is pretty good too at autofill on a page and the ability to self host is really important. I don't know how I lived without it at this point.
However, the bitwarden extension autofill isn't as good as the one built into Firefox or Chrome. It doesn't work well on some sites and you have to copy manually.
That's odd to hear! I certainly believe it, because I've had this issue with other password managers in the past - but I haven't come across this with Bitwarden on desktop. Mobile however, I definitely get issues where it won't prompt the autofill button on the keyboard, sometimes tapping the password field will cause it to realize its there, other times I have to use the quick settings tile to autofill.
You might be able to workaround the problematic sites though using their custom fields attributes for logins.
I still prefer it because then I can have teh app on the phone and log into wherever from it, and if I'm in a foreign pc I can log into the vault and copy the passwords. It also works across browsers, so the firefox at home and the edge at work are synced by default
Could not agree more, and just came there to say this.
I work at a small retail store with an online shop. Multiple times we've had parents call us to cancel online orders where their kids purchased something using their parent's stored credit card info. Those things really should be locked behind a password.
I mean, out the gate Firefox will import a huge chunk of that. Like, literally everything you listed.
You should install it and try.
That said, I will echo others that getting setup with something like KeePass is worthwhile. You set it up, add a browser extension to connect to it l, and now the passwords are REALLY secure and not limited to your browser and much more complex functions are available to you if you want to nerd out.
Dont forget to mention that you have to manually backup your keepass vault somewhere safe and make sure all of your devices have the latest version of it.
Also that Keepass master password is kind of important to remember
Oh, and no they do not need the latest version, at all.
The vault is interoperable between major versions, so this is just untrue.
shrug
Save it in a cloud synced folder, or one synced with Syncthing.
And yes, not forgetting your master password is and will always be critical. Do... You want it to have back doors?
I'm prettey sure Firefox can do that, and like others said: it is better to use a password manager like Bitwarden (you can also selfhost it) instead of Firefox's built in one.
Why?
If I remember correctly if you use your browser's password manager anyone with access to your PC can see your passwords, with Bitwarden or Keepass (or any other password manager) you need the master password.
Also I thought that the browser also saves the passwords unencrypted but I'm not sure if that's true.
You can see more details about how Firefox protects passwords here: https://support.mozilla.org/en-US/kb/how-firefox-securely-saves-passwords
Firefox Desktop uses simple cryptography to obscure your passwords
Obscure, not secure. It's trivial for any program you've installed to read them.
As long as you have a master password it's basically the same as a password manager, Bitwarden is more convenient because it works across apps on your phone.
C:/users/user/appdata/local/Google/Chrome/User Data/Default - Web Data file. Copy and paste it to the same directory of your new browser and the autofill data will get transferred. please use a password manager for passwords. I suggest Bitwarden.
Wait, all that valuable data is easily accessible from there!?
yes
Damn bro.
Favorites are migrated by the welcome wizard.
Password and credit cards you should migrate them to bitwarden free as it's more secure and cross platform
Auto fill on Firefox works much much better than chromium browsers (that I had to keep it disabled because it always messed up shipping addresses)
I personally don't store my CC info in my browser any form. This does two things for me:
But if I did, I would prefer to store it in Bitwarden than my browser.
Autofill doesn't work for me at all on Firefox in Czech language sites. It only works if I'm filling the exact same form on the exact same site twice, otherwise it won't recognize the common fields like name, address, telephone (in czech of couse).
Any idea how to fix this?
As said previously, strongly strongly recommend not using browsers to store passwords and paiement cards. Bitwarden and keepass are well known good options, but if you trust Proton you should try their new password manager Proton Pass which has a free tier (not affiliated to them) For the moment I still have an active license on 1password so haven't switched over yet
People keep repeating this. But I've never really heard s good reason for why a separate password manager is any more secure.
Firefox's saved passwords are not encrypted and just copying your user profile to another computer will allow someone else to use your credentials.
If you use Chrome, do you really want Google knowing your logins?
But they are encrypted.
I think you mean if you don't use a primary password. They're still encrypted then, but since they can be used freely from inside the browser they are indeed not protected from someone copying the profile.
Firefox supports a master password to encrypt them with
But by default it's not encrypted and nobody ever changes the default settings
Tldr; chromium based browers are more vulnerable to password stealing malware because they encrypt with the OS user creds, Firefox would probably avoid this with a master password, as thats the primary protection of this that password managers offer.
On top of what has been said on lower security, this is also much worse in terms of privacy. You are giving up your credentials to Google/Mozilla.
Also they do not encrypt (when they do at all)website URLs, only the secret parts (passwords) so this is a downside as well. Anyone getting access (or Google/Mozilla) of the encrypted vault knows what apps/sites you have accounts on. Some password managers do encrypt everything
But yes, primarily it is way easier to steal passwords from a browser, especially when it's synced across many devices including some with lower security (a phone with just a pin, a phone lent to other people, a computer or tablet or phone let open to anyone to change music on Spotify, ...)
If you have Firefox Accounts and enabled the Sync functionality, your sync login data (usernames, passwords, hostnames) is fully encrypted once it's created and/or modified. However, Mozilla cannot decrypt your usernames and passwords when they are stored on the sync server.
Source: https://support.mozilla.org/en-US/kb/how-firefox-securely-saves-passwords
Bitwarden
In the current era when you install a new web browser it will ask you which old browser you want to import your data from. It will also allow you to create an account with the browser company to keep it synched. You can swap browsers daily if you like. It's relatively quick to do.
All browsers gives you the option to import the information from your old browser nowadays, including Firefox (even Edge does it). It has long since become an industry standard.
When i switched to edge I was able to import all that information over. Whatever you switch to will also likely have that feature
Edge is based on google chrome and so does brave. Firefox is completely different webbrowser
Me and my family use 1Password for password management. I would stay as far away from LastPass as you can they have an AWFUL track record of keeping your information safe and secure.
What doesn't get imported by Firefox automatically can be downloaded from your google account directly. Every single bit of data they have on you.
Oooooooooooo