Firefox for Android: password selection process improvements
The most recent Nightly version of Firefox for Android features an improved password selection process that should make life a lot easier for users who use the built-in password manager.
I have a great password selection workflow on the desktop using KeePass, the password manager's global login shortcut and copy&paste, but the same cannot be said when I'm using my Android phone.
While I don't log in to sites often there, I sometimes have to do that and it was always a burden to get the passwords from the computer to the mobile device.
I enter them manually most of the time which is not very comfortable but not that much of an issue as I rarely need to sign in on the device.
The most recent version of Firefox for Android improves the selection process significantly, at least for users who make use of the built-in password manager of the mobile browser.
A tap on the site's favicon displays a new option to copy the password from a specific account so that you can copy passwords with just two taps on the device screen.
This works only if you are using the Firefox password manager to save passwords and best if you have multiple accounts saved for a site.
The reason why that is more useful then is because Firefox supports auto-fill but will fill out information for one account only. If you want to switch, you simply copy the password to the phone's clipboard to paste it into the field on the site.
This can be useful as well if you need to enter the password somewhere else, say your Google password in an application that requires that you enter account credentials.
A click on edit site settings in the same dialog displays whether passwords are stored for the site currently in the browser.
Firefox Nightly is the only version of Firefox that ships with a password management interface currently. You open it by loading about:passwords in the browser or with a click on Menu > Settings > Privacy > Manage logins.
The target version for the implementation is Firefox 41 which means that it will take several months at the very least before the improvements land in the stable version of the browser for Android.
Additional information about the implementation are available on Bugzilla. (via SÃ¶ren)
I am not clear from your article how this differs from the standard desktop Firefox password manager . I like Keepass too but the biggest downside is, as you say, getting the Keepass file across to another PC/android etc. and subsequently keeping it in sync
I have been considering just using the Firefox password manager with a strong master password (synced across devices using Firefox/Mozilla account).
Does anybody have any thoughts on the security of this ?
Rocky, the password management options of Firefox for Android are rather limited right now if you run the stable or beta version. You cannot display a list of passwords in both programs currently for instance.
ID federations (single-sign-on services and password managers) create a single point of failure, not unlike putting all the eggs in a basket. It remembers all my passwords when un-hacked and loses all my passwords to criminals when hacked. It should be operated in a decentralized formation or should be considered mainly for low-security accounts, not for high-security business which should desirably be protected by all different strong passwords unique to each account.
It is obvious, anyway, that the conventional alphanumeric password alone can no longer suffice and we urgently need a successor to it, which should be found from among the broader family of the passwords and the likes.
At the root of the password headache is the cognitive phenomena called â€œinterference of memoryâ€, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
I am a supporter of Expanded Password System as outlined at
“It should be operated in a decentralized formation…”.
I agree but how can this be done ?
“conventional alphanumeric password alone can no longer suffice…”
This goes to the heart of the question. As i understand it Windows 10 is to introduce a new authentication method but I have not really studied it yet.