What is Firefox password manager & is it secure?

What is FireFox password manager

Firefox Built-in Password Manager is a browser-based application that provides users with the ability to store and encrypt their passwords. While Firefox’s password manager is a great tool for those who demand simplicity, it is also rather bare compared to programs like KeePass - which offer a large variety of features and security.

That being said, Firefox’s password manager is the best browser-based password manager available. In fact, at ProPrivacy.com, Firefox is usually our recommended browser. This is because Firefox is an open source application that doesn’t pass personal data to its parent company like many other browsers.

If you’re looking for a browser that cares about your privacy, you can combine Firefox’s password manager with our suggested add-ons and tweaks to create a highly secure browsing experience.

Firefox Password Manager Features

The Firefox Password Managers features are pretty basic:

  • Store/file web-based usernames & passwords
  • Master password encryption option
  • Import passwords from Chrome/Internet Explorer (Windows only)

Firefox’s browser-based password manager doesn’t compare to stand-alone password manager programs. For example, Firefox can’t generate strong passwords for you.

What's more, Firefox can only store web-based passwords, which means you won’t be able to use the password manager with non-web-based programs/information.

Is Firefox Password Manager Secure?

Provided you create a complex master password in addition to using the service, Firefox Password Manager should store your data securely using a 256-bit AES cipher. Unfortunately, Firefox Sync is another story.

In the past, Firefox Sync used a pretty beefy system to secure your data. However, in 2014 they officially switched to a more traditional cloud-based syncing solution. This was done to provide a better user-experience, as their past system didn’t allow users to recover or reset lost/forgotten passwords.

Now, despite Firefox Sync passwords being encrypted locally with end-to-end encryption, a key is generated from the username and password. That key is stored online by Mozilla, and can be employed by users to reset their username and/or password.

This raises some concerns, because if Mozilla can access your Firefox Sync account – technically, so can hackers. For more information on the gritty details, visit the official blog post.

With that out of the way, it is also important to know that Firefox Password Manager is a great tool for passwords that won’t make or break you if compromised. As long as you’re careful with what data you entrust to them (probably not your banking information), Firefox’s password manager is useful and convenient.

Using Firefox Password Manager

Firefox Password Manager is extremely simple to use.

  1. Navigate to Preferences>Privacy & Security 
  2. Under Forms & Passwords, tick the box to Use a master password
  3. Create a complex password or use a website to generate one

Firefox password manager alternatives

Currently, Firefox is the only browser that offers you the ability to encrypt all of your passwords with one master password. Without this option, other mainstream browser-based password managers are too much of a security risk to use.

In addition, Firefox is also open source and doesn’t pass your personal data to their parent company like other mainstream browsers do.

However, it is possible to use a third part app as an alternative. Check out our favourite password managers. 


If your primary goal is to use a password manager that is user-friendly, simple and convenient, Firefox’s password manager is definitely the right choice. In addition, the Firefox Password Manager uses strong local encryption, which puts it a step above other browser-based password managers.

The biggest problem we found with this password manager is, of course, the issues that arise for Android users. If you don’t use Android, you should have no issues syncing between devices with master password enabled.

In conclusion, if your password needs are not too advanced, Firefox’s Built-in Password Manager is definitely an option. If you’re geared more towards password managers that offer a variety of features, take a look at our best password managers page.

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

1 Comment

  1. Walter L.

    on January 31, 2019

    It seems both Firefox and Chrome now can import/export each other's stored passwords. I'm trying to find information on the technical details on how this is achieved, but all I get are How-To articles. From either browser I can select "import personal data" and select "passwords" to extract the password. Is this based on some open standard? If the password is encrypted locally, how is an external browser able to extract the actual password? Are the browsers providing an API to pull the passwords? As long as there's an exposed API, wouldn't that allowed malware to make the same call to extract such passwords?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives: