Mozilla revealed a new version of Lockbox today, a password manager extension for desktop versions of the Firefox web browser that replaces the built-in password manager when installed.
Mozilla calls Lockbox an experiment to "test and improve password management and online security".
Lockbox is secured with a Firefox account which offers "newer encryption" according to Mozilla. Lockbox uses AES256-GCM encryption and HMAC SHA-256 "to hash searchable data".
Lockbox is available as an alpha version. This means that it has several limitations right now that you need to be aware of before you install the extension.
First, there is no importing of passwords from Firefox or other password management solutions.
Second, there is no exporting of password data either, but syncing of date between different Firefox installations is supported as Firefox Sync can be used for that.
The current state of Lockbox makes it unsuitable for production environments, and that becomes true as well when you look at the functionality that is offered currently.
First thing you need to do is sign in using a Firefox account after installing the extension. You can create one if you don't have one yet.
The extension displays the core functionality after the sign in automatically in the interface.
The three core features that Lockbox supports at this time are to add login information to the extension, open all saved entries using the toolbar icon, and copy data to sign in from Firefox.
The functionality is quite limited at this point in time. There is no automatic signing in for instance, nor is there auto-filling of data in password fields.
It is necessary right now to click on the toolbar icon, and then on the site in question to copy username and password manually to paste them in to the fields on the site.
It is recommended that you look through the known issues of the release before you start the installation or upgrade to it.
For instance, existing data from previous Lockbox entries is removed automatically when Lockbox is updated as new security features are added in that version that the last version did not support.
Also, you may want to consider using a separate Firefox Account for Lockbox, as it is currently impossible to unlink accounts.
The team that is responsible for Lockbox plans to add features to the extension. It mentions autofilling, password generation, cloud backup, mobile support and multi-browser support.
Lockbox is in alpha right now, and the development team needs time to create a viable alternative to Firefox's built-in password manager. The extension should support all features of Firefox's native password manager at the very least.
Some users may also want options to save data locally without having to use a Firefox account for that.
Now You: Password management: what do you use, and why?
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.