Firefox, like most modern web browsers, offers to save login information so that they do not have to be entered by you again on the next visit to a website or service.
This behavior can be problematic on multi-user systems if users manage to get access to a user's Firefox installation as login information are readily available for anyone who looks for them in the browser's options.
The master password has been designed to protect the saved password listing from other users. It basically means that the password needs to be entered before the listing can be accessed for the first time so that it protects all account information in the program after setting it up.
The master password needs to be entered only once during a Firefox session (that's the time from opening the browser until it is closed again) which may leads to issues.
Anyone can access the password list again once the master password has been supplied with no apparent option to lock the browser again other than to restart it.
Master Password+ has been designed to improve the master password feature of the Firefox web browser and Thunderbird email client.
It adds a set of features to the master password to make it more secure. Among the options is a timeout feature which can be set to reset the master password flag so that it needs to be entered again after a certain time has passed. It is furthermore possible to lock and unlock the master password with the hotkey Alt-L.
The master password prompt can also be launched during browser start so that the profile can only be used if it is entered correctly by the user.
Master Password+ improves the security if the master password is being used in Firefox. The master password itself on the other hand does not offer 100% protection. The add-on is available for Firefox and the Thunderbird email client.
You can set a master password in Firefox with a tap on the Alt-key, selecting Tools > Options, and then Security > Use a master password.
In Thunderbird, you select Tools > Options, then Security > Passwords > Use a master password.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.