No master password on Android

[Dale Newton]

Unlike Firefox desktop, Firefox Android has no master password protection. Any passwords in the password store are accessible simply by clicking on the password once the phone is unlocked, which might be protected by nothing more than a relatively weak swipe pattern, as a long/complex screenlock password is overkill for all purposes except their password store for some users.

Aside from the inconvenience factor, users may also still accidentally sync all their passwords to mobile. This can happen as a result of including passwords in the list of things to sync in settings on desktop. There is no way, for example, to sync passwords across devices which have better security options (eg Desktop) but not sync passwords to mobile devices. Users may not realize this when configuring sync on their other devices, leading to all the passwords syncing to their mobile Firefox.

Why has Mozilla never addressed these security concerns (eg. with a a simple master password option)?

Dale.

[Dale Newton]

Anyone care to share views on why this question isn't getting any replies?

[Phil Porada]

Dale,
While your topic is Mozilla security related, this group is primarily used for discussion of the Web PKI. I'm not sure where the best place to ask your question would be.

[Ronald Crane]

Please use https://bugzilla.mozilla.org to discuss bugs in, and enhancement requests for, Firefox.

--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/8055567d-17be-4130-891b-94841272060fn%40mozilla.org.