Mozilla to improve password manager in Firefox 32
When I started to use Firefox many years ago I used the built-in password manager for some time before I switched to LastPass and then after a while to the -- in my opinion -- best password manager ever KeePass.
Firefox back then had no synchronization feature which meant that you had to copy profile data instead to synchronize passwords between different devices.
The Firefox password manager is comfortable to use, and if you set up a master password, protected from third-parties who try to access your passwords.
It is enabled by default and can save passwords in its database so that the login information can be filled out automatically.
While it does lack a lot of features of established password managers, password generation comes to mind among other things, it is sufficient for many use cases.
Mozilla has improved the handling of passwords in Firefox recently. The organization improved compatibility with dynamic password fields and added an override to Firefox 30 to ignore the autocomplete="off" directive on websites which prevented the password manager from saving passwords previously.
If you are using the Nightly version of Firefox, currently at version 32, you may have noticed additional improvements to the password manager itself.
If you open the password manager in the browser, you do so by loading about:preferences in the browser's address bar, switching to the Security tab there and a click on saved passwords, you will notice new fields added to the table.
Instead of just displaying the site and username, and the password if you click on show passwords, Firefox is now also displaying date, time and usage related information.
The last used and last changed data of every password is displayed here by default. A click on the rightmost icon in the table header displays additional options that you can enable here, in this case times used and first used.
- Last Used refers to the date and time the password was used last to sign in to the listed site.
- Last Changed refers to the date the password was changed the last time.
- Times Used displays the number of times you have signed in to the service.
- First used finally lists the date and time the account was added to Firefox.
The information are useful. You can use them for instance to change passwords that you have not changed in a long time, or delete sites that you have not used for a year or longer and have no intention of using again.
The data is displayed for old and new passwords, and not only for new accounts created after the update or installation of Firefox 32. The reason for this is simple: Firefox has recorded those information previously as well, but they were not displayed anywhere in the browser.
The improvement makes sense in my opinion. While it still lacks information that password managers like KeePass record, notes come to mind among other things, it is a step in the right direction and definitely helpful for Firefox users who use the password manager to save account credentials in the browser.
Additional information about the new version are available on Bugzilla@Mozilla. (via Sören)
Now Read: Why you cannot sync Firefox passwords if you use a master password
So how do I stop Firefox from storing information about my password usage (Last Used, Last Changed, Times Used, First used)? I have no use for such data and am EXTREMELY uncomfortable about it being logged anywhere. This logging of data should be optional.
Firefox has recorded the information before but has not displayed them to the user. The change is that it displays them now in the password manager. If you trust the browser to store your passwords, you should trust it with this information as well.
I was not aware that the browser was doing this. Your telling me “If you trust the browser to store your passwords, you should trust it with this information as well” presupposes that I have the same needs and values that you do, and this is simply not the case. I want to configure it so that it doesn’t do it anymore, but can find no information about how to do so.
The only option is to use a different password manager. I use KeePass for instance.
I might switch to KeePass. I like that it would let me use my one set of passwords between browsers. Shame there isn’t full support for old Opera as I still have passwords that need migrating.
Which KeePass extensions do you use, Martin?
I have also written a password manager Addon (QuickPasswords) which adds some much needed features such as assisted SSO password change and a “lock masterpassword” button. Looking forward to these improvements to land!
FWIW .. I use Saved Password Manager ( https://addons.mozilla.org/en-US/firefox/addon/saved-password-editor/ ) which adds extra functionality
aaaand .. due to Martin’s comments about notes .. I remembered something I had seen and just installed Password Tags ( https://addons.mozilla.org/en-US/firefox/addon/password-categories ) which allows you to add tags and “metadata fields” (i.e notes, info) (both are sortabled) which is great for multiple accounts per website, etc.
aaand … now with the extra info from FF such as age, last used .. this is starting to look good
DRM/Adobe Flash/Shockwave has ended my time with Firefox.
So there is no Adobe Flash / Shockwave for other browsers? And other browsers does not support ERM? Your comment does not make any sense. oO
It does if he moved to SeaMonkey
This thing still doesn’t have password manager at least as good as the old Opera, in 2014, it’s kind of amazing.
I’ve always use the internal password manager with almost no problems. I use the Export Passwords and Saved Passwords addons to make it better. I tried Last Pass for a while but it screwed up a lot on Facebook.
Martin, I’m using LastPass. Just curious, what feature(s) of KeePass makes it your favorite? :)
Full control over where the database is stored.