Need a way to recover passwords when master password forgotten

RESOLVED WONTFIX

Status

()

Firefox
Security
--
enhancement
RESOLVED WONTFIX
7 years ago
3 years ago

People

(Reporter: Gurumurthy G S, Unassigned)

Tracking

3.6 Branch
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

7 years ago
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 (.NET CLR 3.5.30729)
Build ID: 20101203075014

Steps to reproduce:

The security protected password which have the two options are 1. remember passwords for sites and 2. use a master password

If i during surfing of any website and might forgot to stored the password, that could visible to next person who come and see that using the view saved password, if i would have enabled the use master password and in case if i forgot the password of that master password how can i recover when i earlier visited websites passwords. 


Actual results:

i didnt able to recovery the forgot of master password.


Expected results:

Do you enable the some security for text box fields are like email else mobile number which is giving user during the creating of the master password. if the some times user forgot the master passwords they use the above options to get recovery of the master password.
Group: core-security
Component: General → Security
QA Contact: general → firefox
Severity: normal → enhancement
Summary: security → Need a way to recover passwords when master password forgotten
I don't understand what do you want.
The passwords are stored encrypted and they are encrypted with the masterpassword.
There is no way to recover the stored passwords without the masterpassword.
Everything else would be insecure.
Matthias, I believe what is being requested is a way to recover password when the master password is forgotten. One example provided in comment 0 is authentication via SMS (like Google does). I'm not sure this would be appropriate for Firefox-proper though; might be better as an add-on.
How should Firefox recover the passwords if the passwords can not be accessed because they are encrypted and can only be unencrypted with the masterpassword ?
Firefox itself doesn't know the masterpassword, how should FF be able to recover it ?

The password reset option with a special question on some websites just clears the current password and sets a new one. You can do that in Firefox without question: Just reset the masterpassword and it the encrypted password file is deleted and replaced by a new file that is encrypted with the new masterpassword.
We have no plans to support this. Systems that strongly protect user data are inherently incompatible with recovery mechanisms.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.