Protect your Firefox Profile
A Firefox profile stores all personal information such as bookmarks and passwords, and that is the case for profiles used by other browsers as well. The information is lucrative to hackers and while these may need to gain local access, it is probably a good idea to protect the data better.
Everyone who starts Firefox on a local machine gets to access all content in the browser. While you may protect the password database with a master password, data like cookies or bookmarks are not protected.
One way to overcome this is to protect the Firefox profile folder by moving it to a location that is not accessible to anyone except you.
I did this by moving the profile to my encrypted hard drive. You could also encrypt the entire system instead so that no one can access it unless the correct passphrase is provided. The advantage of that is that no-one may access any data on the system including the Firefox data.
The hard drive is encrypted using
True Crypt Vera Crypt and the profile can only be accessed if I provide the security key to decrypt it. Other means are theoretically possible as well, use a portable device that has to be plugged in before you can use the profile.
Moving a profile to another location is not difficulty at all. Close all instances of Firefox and locate your profile folder. This is usually in the Users folder under Application Data, Mozilla, Firefox, Profiles of the user who is logged into windows currently.
Tip: Enter about:support in the address bar and click on the show folder button that opens up when the page has loaded. This brings you directly to the profile folder on the local system.
Move the complete folder to a different location but close Firefox prior to that as you will run into conflicts otherwise. Open up profiles.ini afterwards (located in C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox). Change the path= parameter to the new location of your profile and change the parameter IsRelative=1 to 0.
Now move the entire profile folder, but not the root folder containing the profile.ini file, to the new location you want it to store in.
Restart Firefox to see if the changes have been made. If all your bookmarks for instance load fine the changes have been successful. If that is not the case double-check the path parameter in profiles.ini.
Note: Someone with access can analyze the profile.ini file to find out where the profile is located on the system. That's why it is important to protect it with encryption or by other means.
Check out how to secure your PC with the free True Crypt software to get started.
If the goal is to protect yourself from childs or mother, this extension : https://nic-nac-project.de/~kaosmos/profilepassword-en.html#PPFF
can do the trick… It’ll set a password to open your profile…
But it’s really easy to bypass, so not as reliable as TrueCrypt…
Great trick and easy to put in practice.
I’m a little “general-purpose” IT-consultant. One of my goals is to analyze and manage (may be improve) medium size business’ everyday work.
The first problem is that my customers hove no idea of the main series of risks.
First: protect THEIR CUSTOMERS sensitive data. There are severe law restrictions to manage sensitive data in Italy, so my customers are continuously in front of high risk.
In case of theft of hardwares they are completely exposed, but also when they are connected to the Internet. (“Firewall? What’s a firewall? we have fire extinguishers!” or “Get rid of all those annoying popups or you can go home!”).
I had already thought about this solution, TrueCrypt is my first choice for my own problems, but not so accessible to non-power-users…
First problem: by default old Mozilla profile manager is hidden in mff, and has to be launched by command prompt in windows…
Very old version of mozilla and netscape required password to access a profile, but I’m not able to find whether were there encryption of profiles’ data.
Does anyone know whether are there integrated solutions for password-protect and encrypt profiles in Firefox and Thunderbird?
[The problem is almost identical in Opera (don’t tell me nothing about M$IE)]
I mean open-source, or if not, commercial too…
Or we can go further: are there other browser I don’t know yet?
Thanks a lot,
tools/options/security/use a master password
This profile password can easily b bypassed….
exit firefox completele(frm taskmanager if required)
jst goto ur AppDataRoaming—>firefox—>Profiles under dat browse for extensions
u can find a file name profilepassword.jar
dats it…jst rename dat file..n ur done…
it wont ask u for a password d next time u start firefox..
I can recommend Rohos Mini Drive a free utility to password protect Firefox profile.