No master password on Android
102 views
Skip to first unread message
Dale Newton
Oct 22, 2025, 9:34:39 AM (9 days ago) Oct 22
to dev-secur...@mozilla.org
Unlike Firefox desktop, Firefox Android has no master password protection. Any passwords in the password store are accessible simply by clicking on the password once the phone is unlocked, which might be protected by nothing more than a relatively weak swipe pattern, as a long/complex screenlock password is overkill for all purposes except their password store for some users.
Aside from the inconvenience factor, users may also still accidentally sync all their passwords to mobile. This can happen as a result of including passwords in the list of things to sync in settings on desktop. There is no way, for example, to sync passwords across devices which have better security options (eg Desktop) but not sync passwords to mobile devices. Users may not realize this when configuring sync on their other devices, leading to all the passwords syncing to their mobile Firefox.
Why has Mozilla never addressed these security concerns (eg. with a a simple master password option)?
Dale.
Aside from the inconvenience factor, users may also still accidentally sync all their passwords to mobile. This can happen as a result of including passwords in the list of things to sync in settings on desktop. There is no way, for example, to sync passwords across devices which have better security options (eg Desktop) but not sync passwords to mobile devices. Users may not realize this when configuring sync on their other devices, leading to all the passwords syncing to their mobile Firefox.
Why has Mozilla never addressed these security concerns (eg. with a a simple master password option)?
Dale.
Reply all
Reply to author
Forward
0 new messages