Protect your Firefox Profile - gHacks Tech News

Protect your Firefox Profile

A Firefox profile stores all personal information such as bookmarks and passwords, and that is the case for profiles used by other browsers as well. The information is lucrative to hackers and while these may need to gain local access, it is probably a good idea to protect the data better.

Everyone who starts Firefox on a local machine gets to access all content in the browser. While you may protect the password database with a master password, data like cookies or bookmarks are not protected.

One way to overcome this is to protect the Firefox profile folder by moving it to a location that is not accessible to anyone except you.

I did this by moving the profile to my encrypted hard drive. You could also encrypt the entire system instead so that no one can access it unless the correct passphrase is provided. The advantage of that is that no-one may access any data on the system including the Firefox data.

The hard drive is encrypted using True Crypt Vera Crypt and the profile can only be accessed if I provide the security key to decrypt it. Other means are theoretically possible as well, use a portable device that has to be plugged in before you can use the profile.

Moving a profile to another location is not difficulty at all. Close all instances of Firefox and locate your profile folder. This is usually in the Users folder under Application Data, Mozilla, Firefox, Profiles of the user who is logged into windows currently.

Tip: Enter about:support in the address bar and click on the show folder button that opens up when the page has loaded. This brings you directly to the profile folder on the local system.

Move the complete folder to a different location but close Firefox prior to that as you will run into conflicts otherwise. Open up profiles.ini afterwards (located in C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox). Change the path= parameter to the new location of your profile and change the parameter IsRelative=1 to 0.

firefox profile

Now move the entire profile folder, but not the root folder containing the profile.ini file, to the new location you want it to store in.

Restart Firefox to see if the changes have been made. If all your bookmarks for instance load fine the changes have been successful. If that is not the case double-check the path parameter in profiles.ini.

Note: Someone with access can analyze the profile.ini file to find out where the profile is located on the system. That's why it is important to protect it with encryption or by other means.

Check out how to secure your PC with the free True Crypt software to get started.

Summary
Protect your Firefox Profile
Article Name
Protect your Firefox Profile
Description
Find out how to add extra protection to Firefox profiles to prevent anyone with local access from looking at your passwords, tabs, and bookmarks.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. netking said on January 27, 2007 at 2:52 pm
    Reply

    If the goal is to protect yourself from childs or mother, this extension : https://nic-nac-project.de/~kaosmos/profilepassword-en.html#PPFF
    can do the trick… It’ll set a password to open your profile…

    But it’s really easy to bypass, so not as reliable as TrueCrypt…

  2. Rado said on January 28, 2007 at 2:12 pm
    Reply

    Great trick and easy to put in practice.

  3. Luca said on January 26, 2008 at 9:25 am
    Reply

    Hello,
    I’m a little “general-purpose” IT-consultant. One of my goals is to analyze and manage (may be improve) medium size business’ everyday work.
    The first problem is that my customers hove no idea of the main series of risks.
    First: protect THEIR CUSTOMERS sensitive data. There are severe law restrictions to manage sensitive data in Italy, so my customers are continuously in front of high risk.
    In case of theft of hardwares they are completely exposed, but also when they are connected to the Internet. (“Firewall? What’s a firewall? we have fire extinguishers!” or “Get rid of all those annoying popups or you can go home!”).
    I had already thought about this solution, TrueCrypt is my first choice for my own problems, but not so accessible to non-power-users…
    First problem: by default old Mozilla profile manager is hidden in mff, and has to be launched by command prompt in windows…
    Very old version of mozilla and netscape required password to access a profile, but I’m not able to find whether were there encryption of profiles’ data.
    Does anyone know whether are there integrated solutions for password-protect and encrypt profiles in Firefox and Thunderbird?
    [The problem is almost identical in Opera (don’t tell me nothing about M$IE)]
    I mean open-source, or if not, commercial too…
    Or we can go further: are there other browser I don’t know yet?

    Thanks a lot,

    Luca

  4. Adam said on February 24, 2010 at 10:24 am
    Reply

    tools/options/security/use a master password

  5. Coolboy19 said on November 23, 2010 at 12:21 pm
    Reply

    This profile password can easily b bypassed….
    exit firefox completele(frm taskmanager if required)
    jst goto ur AppDataRoaming—>firefox—>Profiles under dat browse for extensions
    u can find a file name profilepassword.jar

    dats it…jst rename dat file..n ur done…
    it wont ask u for a password d next time u start firefox..

  6. Mais said on January 19, 2011 at 11:58 pm
    Reply

    I can recommend Rohos Mini Drive a free utility to password protect Firefox profile.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.

Be polite: we do not allow comments that threaten or harass, or are personal attacks. Please leave politics and religion out of discussions!