Bug 1311131 - Sync Master Password Article request
Status: Closed (RESOLVED FIXED)
Opened 9 years ago, closed 9 years ago
Product/Component: support.mozilla.org - Lithium :: Knowledge Base Content (defect)
Tracking: Not tracked
Reporter: guigs, Assigned: jsavage
Mark Hammond forwarded this to me as a draft for an article that would provide more information for users who decide to use a master password and Firefox Sync.
Hey Alex, I think it would be useful to get this doc on sumo, but I'm not sure what the process is.
Thanks
---------- Forwarded message ----------
From: Mark Hammond <markh@mozilla.com>
To: Rachel McGuigan <rmcguigan@mozilla.com>
Cc:
Date: Sun, 3 Jan 2016 18:31:31 +1100
Subject: Master Password and Sync
Hey!
I found the old editor window on my PC where I wrote the master-password writeup :)
Firefox has the option of using a "master password" to protect all your saved passwords. When enabled, your passwords are encrypted[1] and cannot be accessed before entering this password.
When using Sync, your Firefox Account credentials are also stored in the password manager - your master password must be entered before Sync can start so that Sync has access to these Firefox Account credentials. Once the master password has been entered, Sync also has access to your saved passwords, so if enabled, these passwords are able to be Synced between your devices.
While the master-password does encrypt your passwords before they are stored on your device, the passwords are decrypted before being handed to Sync - this is possible because you must have already entered your master-password to begin syncing. Sync then takes your decrypted passwords, and re-encrypts them using a different (and better) encryption scheme based on your Firefox Accounts password, before sending the encrypted version over the wire for storage on the Sync servers. Note that decrypted copies of your password *never* leave your device - it's just that the encryption changes from the scheme used by the master-password to a stronger scheme used by Sync.
While Sync does encrypt your passwords on the wire and on the Sync servers, Sync itself does not make any attempt to encrypt them on the device itself - that is the job of the master-password. It is important to note that the master password itself is *not* synced between devices, so it is possible for one device to have a master-password and for another device to have no (or a completely different) master password. This means that the passwords have some protection on the first device, but reduced protection on that second device. It is possible to use a different (or no) master-password between devices because the passwords are always decrypted using that master-password before being handed to Sync for re-encryption and storage.
You should consider the characteristics of the device and your particular risk profile when deciding how to use a master-password. Some people may choose to use a different, strong master-password on each of their devices. Some people may choose to use a master-password on their mobile devices, but be comfortable without a master-password for their desktop device which always lives in a relatively secure area. Whatever your choice, be aware that the master-password only protects your passwords on that device - the choice of a master-password on one device has no bearing on how the passwords are stored on other devices connected by Sync. Further, your choice of master-password has no bearing on how the passwords are stored on the Sync servers - that is a characteristic of the strength of your Firefox Accounts password.
You should always choose a strong password for your Firefox Account - but be extra careful with this password because as of Firefox 46 (and almost certainly later), if you lose that password (ie, you need to reset it) you also lose access to your Sync data - it will still be on any connected devices, but it will be lost on the Sync servers until a device re-syncs using the new password.
[1] The master-password encryption is not considered particularly strong - see bug 973759. The encryption used by Sync *is* considered strong, so long as your Firefox Account password is itself strong.
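Added example (not from this bug, and not Firefox or Sync code): a small Python model of the two-layer scheme the draft above describes, with the master password protecting logins at rest on one device and Sync re-encrypting them under a key derived from the Firefox Account password before upload. derive_key, encrypt and decrypt are toy stand-ins (PBKDF2 plus an HMAC-based stream cipher with encrypt-then-MAC), not the real schemes, and the device names, site and passwords are constructed; the demo shows that a Sync record cannot be opened with the master-password key, that plaintext never leaves device A, and that device B with no master password ends up with the login unprotected on its disk.

```python
import hashlib, hmac, os

def derive_key(password, salt):
    # Password-derived 32-byte key; the PBKDF2 iteration count is a constructed value
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=32)

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream: toy stand-in for a real cipher
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(d ^ k for d, k in zip(data, ks))

def encrypt(key, plaintext):
    # Encrypt-then-MAC; record layout is nonce || ciphertext || tag
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered record")
    return _xor_stream(key, nonce, ct)

class Device:
    # One Firefox profile; `disk` is what someone holding the device can read
    def __init__(self, master_password=None):
        self.mp_key = derive_key(master_password, b"local") if master_password else None
        self.disk = {}
    def save_login(self, site, password):
        data = password.encode()
        self.disk[site] = encrypt(self.mp_key, data) if self.mp_key else data
    def sync_upload(self, fxa_password):
        # Master password already entered: decrypt locally, re-encrypt under the Sync key
        sync_key = derive_key(fxa_password, b"sync")
        plain = {s: decrypt(self.mp_key, b) if self.mp_key else b for s, b in self.disk.items()}
        return {s: encrypt(sync_key, p) for s, p in plain.items()}
    def sync_download(self, fxa_password, records):
        # Storage on arrival follows this device's master-password setting, not the sender's
        sync_key = derive_key(fxa_password, b"sync")
        for site, blob in records.items():
            self.save_login(site, decrypt(sync_key, blob).decode())

def demo(mp="device-A-master-pw", fxa="fxa-account-pw"):
    # Constructed scenario: device A has a master password, device B has none
    a, b = Device(mp), Device()
    a.save_login("example.test", "hunter2")
    wire = a.sync_upload(fxa)["example.test"]
    b.sync_download(fxa, {"example.test": wire})
    return {"a_at_rest": a.disk["example.test"], "on_wire": wire, "b_at_rest": b.disk["example.test"]}
```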
Hi Mark, we've set up a draft for a SUMO article based on your draft. Please add any feedback/suggestions here: https://docs.google.com/a/mozilla.com/document/d/1E8DFKwYOgV6HnGLWi_OrAipfQsJtmWOHCJV-U8py5Ag/edit?usp=sharing
Once we get the content finalized, we can have the article live the same day and send it off to our localization communities (they'll need 2-3 weeks to localize it).
Flags: needinfo?(markh)
Comment 3•9 years ago
Is this new article relevant to Firefox for Android as well as desktop Firefox? Related discussion:
https://support.mozilla.org/en-US/kb/using-master-password-sync/discuss/6912
Flags: needinfo?(jsavage)
Mark, does this apply to Fx for Android as well?
Thanks for the q, Alice.
Flags: needinfo?(jsavage) → needinfo?(markh)
Comment 5•9 years ago
I believe it all applies to Android, however, I'm not sure if the reference [1] about the lack of strong encryption on the master-password is relevant for Android. Grisha, can you please give comment 0 a sanity check for its relevance to Android?
Flags: needinfo?(markh) → needinfo?(gkruglov)
Comment 6•9 years ago
(In reply to Mark Hammond [:markh] from comment #5)
> I believe it all applies to Android, however, I'm not sure if the reference
> [1] about the lack of strong encryption on the master-password is relevant
> for Android. Grisha, can you please give comment 0 a sanity check for its
> relevance to Android?
An important thing to note is that on Android we won't sync your passwords if master password is turned on. To quote rnewman:
"Sometimes it seems to magically work, e.g., if Gecko is running and the DB is unlocked; but if you kill the process, so the DB is locked, then Sync runs, it doesn't have your MP so it can't open the logins SQLite DB".
IIUC, weak encryption discussion also applies to Android.
Flags: needinfo?(gkruglov)
Comment 7•9 years ago
Joni, while https://support.mozilla.org/en-US/kb/using-master-password-sync is live, it doesn't seem to incorporate anything from comment 6 - is it your intention to update that article, or can we close this?
Flags: needinfo?(jsavage)
Updated•9 years ago
Product: support.mozilla.org → support.mozilla.org - Lithium
I apologize for letting this slip through the cracks. We have a note that passwords won't sync in Firefox for Android if the master password is enabled in https://support.mozilla.org/en-US/kb/using-master-password-firefox-android
But I've added the same note to this article: https://support.mozilla.org/en-US/kb/using-master-password-sync
Closing the bug but please reopen if we've missed anything.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(jsavage)
Resolution: --- → FIXED