Closed Bug 1447793 Opened 7 years ago Closed 7 years ago

Master password should be logged out when I lock my Windows workstation

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Version:
56 Branch
Platform:
x86_64
Windows
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: robzilla, Unassigned)

Details

Consider the following situation: - I have set up Firefox to use a master password - I lock my Windows workstation and go to lunch (Firefox is open, and I already entered the master password at some point) - A malicious IT admin resets my Windows password and uses it to unlock my workstation - The admin now has access to my Firefox instance, with the passwords already unlocked. Although he can't actually view my passwords, he can log into all of the web sites for which I have saved passwords, and basically do whatever they want with my online accounts. My suggestion (at least for Windows platform): detect when the workstation is locked, and when that happens, log out of the Software Security Device.
I don't think this would be a useful countermeasure against a malicious IT admin. If they can unlock your workstation, they can install a keylogger and get your password that way.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
That's true, but simply unlocking a workstation is far easier than sifting through millions of key strokes to try and extract a password. For the sake of security, isn't it better to have this simple feature?
You need to log in before you can comment on or make changes to this bug.