Mozilla Firefox can now secure access to passwords with device credentials

Viersen, Germany - June 9. 2021: Closeup of mobile phone screen with logo icon of mozilla firefox browser on computer keyboard (focus on left upper part of logo). Editorial Use Only
(Image credit: Shutterstock / Ralf Liebhold)

Mozilla Firefox has introduced a new feature allowing users to protect their passwords and sensitive information against hackers that obtain remote or physical access to their device.

As is standard for many of its competitors, Firefox can create secure passwords and store them in the browser to make it easier for users to quickly log in to accounts when online.

However, this feature does not offer much protection against information stealing malware, so it may be a better idea to invest in one of the best password managers to keep your credentials safe.

Additional layer of security

The credentials stored within the browser will be accessible using your device’s built in biometrics such as a fingerprint or facial recognition, or can be accessed using a password.

The release notes state that, “For added protection on MacOS and Windows, a device sign in (e.g. your operating system password, fingerprint, face or voice login if enabled) can be required when accessing and filling stored passwords in the Firefox Password Manager about:logins page.”

While the feature is a welcome one, it does not fully protect against information stealing malware, as the credentials are encrypted and stored on a local disk, they can still be stolen by attackers and decrypted using the key stored in the Firefox data. To mitigate this, Firefox recommends that users set a high-strength primary password to encrypt the credentials storage, which will not be stored on the device and is known only to the user.

This primary password is still vulnerable to brute force attacks though, so it is further recommended to use one of the best password generators to ensure the primary password cannot be easily compromised.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focussing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.