Master Password+ Improves Firefox's Master Password Feature
Firefox, like most modern web browsers, offers to save login information so that they do not have to be entered by you again on the next visit to a website or service.
This behavior can be problematic on multi-user systems if users manage to get access to a user's Firefox installation as login information are readily available for anyone who looks for them in the browser's options.
The master password has been designed to protect the saved password listing from other users. It basically means that the password needs to be entered before the listing can be accessed for the first time so that it protects all account information in the program after setting it up.
The master password needs to be entered only once during a Firefox session (that's the time from opening the browser until it is closed again) which may leads to issues.
Anyone can access the password list again once the master password has been supplied with no apparent option to lock the browser again other than to restart it.
Master Password+ has been designed to improve the master password feature of the Firefox web browser and Thunderbird email client.
It adds a set of features to the master password to make it more secure. Among the options is a timeout feature which can be set to reset the master password flag so that it needs to be entered again after a certain time has passed. It is furthermore possible to lock and unlock the master password with the hotkey Alt-L.
The master password prompt can also be launched during browser start so that the profile can only be used if it is entered correctly by the user.
Master Password+ improves the security if the master password is being used in Firefox. The master password itself on the other hand does not offer 100% protection. The add-on is available for Firefox  and the Thunderbird email client.
You can set a master password in Firefox with a tap on the Alt-key, selecting Tools > Options, and then Security > Use a master password.
In Thunderbird, you select Tools > Options, then Security > Passwords > Use a master password.
I don’t have this add-on installed but when I want to see the stored passwords in FF by clicking the “Show Passwords” button in the Options | Security | Saved Passwords window, I have to enter my master password each and everytime.
Maybe one of my other add-on’s already takes care of this problem?
Jojo, by default the master password has to be entered once per session. It is likely that you are using a different add-on. I assume that you have not closed the browser between tries.
No, did not close the browser.
There is a Show Passwords button at the bottom right. When I click it, I have to enter the master password.
When the passwords are showing, that button changes to Hide Passwords.
If I click the Hide Passwords button OR close the window and reopen it, I have to enter the master password again.
Jojo that sounds like an add-on. If you right-click the icon you may see the name.
Actually this is a security feature of the Firefox itself.
If FF is already unlocked, clicking on “Saved Passwords” button in options will not ask for master password, however clicking “Show Passwords” in that window will lock up FF and ask you confirm the master password.
That’s strange Vano as it was not asking me for a second time when I tried it yesterday. I’m running the latest Minefield release, maybe that’s different there?
That “feature” wasn’t changed in latest minefield nightly build. Basically every time user presses “Show Passwords” button (which is inside of “Stored Passwords” window), it will “forget” previously entered master password and ask it again. IMO this is a must-have feature and should not be changed…
Not true for me [email protected]
Even if I have signed with my master password previously, anytime I click “Show passwords”, I ALWAYS get prompted for the master password.
I do not use this feature to Firefox, I prefer to type my password each time: it is a more secure procedure.
mmmm…that’s exactly what I said…what is not true? ;)
ops, was replying to Jojo (January 6, 2011 at 9:46 pm)