2

I am wondering about the safety of my passwords stored in FF > 57.

I guess passwords stored in a Keepass database file are safe against cracking, as much as possible given its AES algorithm.

Are passwords stored in FF builtin password manager are as safe as that, given its algorithm?

sancho.s ReinstateMonicaCellio
  • 444
  • 3
  • 11

1 Answers1

1

Well, they are encrypted with AES, but they are not as safe. FF does not use slow key derivation function, which allows the password to be brute forced. Also sync is not encrypted anywhere as well, so you should at least disable sync on FF. In general, FF is convenient and secure enough for basic protection but not as secure as keepass.

forest
  • 65,613
  • 20
  • 208
  • 262
Peter Harmann
  • 7,778
  • 5
  • 20
  • 28
  • 4
    “Also sync is not encrypted anywhere as well, so you should at least disable sync on FF.” Really? I was under the impression that everything was encrypted. It says so here: https://blog.mozilla.org/services/2014/04/30/firefox-syncs-new-security-model/ – Kevin Li Apr 23 '18 at 10:46