Protect your Firefox Profile - gHacks Tech News

Protect your Firefox Profile

A Firefox profile stores all personal information such as bookmarks and passwords in it. Everyone who is starting up Firefox with that profile is able to use your saved passwords and cookies as well which is a security risk if you ask me. While you can add a master password to the browser to protect its password database, it does not prevent users from opening the profile on the system itself to look around.

One way to overcome this is to protect the Firefox profile folder by moving it to a location that is not accessible to anyone except you.

I did this by moving the profile to my encrypted hard drive. The hard drive is encrypted using True Crypt and the profile can only be accessed if I provide the security key to decrypt it. Other means are theoretically possible as well, use a portable device that has to be plugged in before you can use the profile.

Moving a profile to another location is not difficulty at all. Close all instances of Firefox and locate your profile folder. This is usually in Document and Settings under Application Date, Mozilla, Firefox, Profiles of the user who is logged into windows currently.

Tip: Enter about:support in the address bar and click on the show folder button that opens up when the page has loaded. This brings you directly to the profile folder on the local system.

Move the complete folder to a different location. Open up profiles.ini afterwards (located in Firefox in Document and Settings). Change the path= parameter to the new location of your profile and change the parameter IsRelative=1 to 0.

firefox profile

Now move the entire profile folder, but not the root folder containing the profile.ini file, to the new location you want it to store in.

Restart Firefox to see if the changes have been made. If all your bookmarks for instance load fine the changes have been successful. If that is not the case double-check the path parameter in profiles.ini.

Note: Someone with access can analyze the profile.ini file to find out where the profile is located on the system. That's why it is important to protect it with encryption or by other means.

Check out how to secure your PC with the free True Crypt software to get started.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. netking said on January 27, 2007 at 2:52 pm
    Reply

    If the goal is to protect yourself from childs or mother, this extension : https://nic-nac-project.de/~kaosmos/profilepassword-en.html#PPFF
    can do the trick… It’ll set a password to open your profile…

    But it’s really easy to bypass, so not as reliable as TrueCrypt…

  2. Rado said on January 28, 2007 at 2:12 pm
    Reply

    Great trick and easy to put in practice.

  3. Luca said on January 26, 2008 at 9:25 am
    Reply

    Hello,
    I’m a little “general-purpose” IT-consultant. One of my goals is to analyze and manage (may be improve) medium size business’ everyday work.
    The first problem is that my customers hove no idea of the main series of risks.
    First: protect THEIR CUSTOMERS sensitive data. There are severe law restrictions to manage sensitive data in Italy, so my customers are continuously in front of high risk.
    In case of theft of hardwares they are completely exposed, but also when they are connected to the Internet. (“Firewall? What’s a firewall? we have fire extinguishers!” or “Get rid of all those annoying popups or you can go home!”).
    I had already thought about this solution, TrueCrypt is my first choice for my own problems, but not so accessible to non-power-users…
    First problem: by default old Mozilla profile manager is hidden in mff, and has to be launched by command prompt in windows…
    Very old version of mozilla and netscape required password to access a profile, but I’m not able to find whether were there encryption of profiles’ data.
    Does anyone know whether are there integrated solutions for password-protect and encrypt profiles in Firefox and Thunderbird?
    [The problem is almost identical in Opera (don’t tell me nothing about M$IE)]
    I mean open-source, or if not, commercial too…
    Or we can go further: are there other browser I don’t know yet?

    Thanks a lot,

    Luca

  4. Adam said on February 24, 2010 at 10:24 am
    Reply

    tools/options/security/use a master password

  5. Coolboy19 said on November 23, 2010 at 12:21 pm
    Reply

    This profile password can easily b bypassed….
    exit firefox completele(frm taskmanager if required)
    jst goto ur AppDataRoaming—>firefox—>Profiles under dat browse for extensions
    u can find a file name profilepassword.jar

    dats it…jst rename dat file..n ur done…
    it wont ask u for a password d next time u start firefox..

  6. Mais said on January 19, 2011 at 11:58 pm
    Reply

    I can recommend Rohos Mini Drive a free utility to password protect Firefox profile.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.