Firefox Password Manager Review

Firefox Built-in Password Manager is a browser-based application that provides users with the ability to store and encrypt their passwords. While Firefox’s password manager is a great tool for those who demand simplicity, it is also rather bare compared to programs like KeePass - which offer a large variety of features and security.

That being said, Firefox’s password manager is the best browser-based password manager available. In fact, at ProPrivacy.com, Firefox is usually our recommended browser. This is because Firefox is an open source application that doesn’t pass personal data to its parent company like many other browsers

If you’re looking for a browser that cares about your privacy, you can combine Firefox’s password manager with our suggested add-ons and tweaks to create a highly secure browsing experience.

Our Score
3.5 / 5
Free option
Available
Visit Firefox Password Manager

Overview

Currently, Firefox is the only browser that offers you the ability to encrypt all of your passwords with one master password. Without this option, other mainstream browser-based password managers are too much of a security risk to use.

In addition, Firefox is also open source and doesn’t pass your personal data to their parent company like other mainstream browsers do.

Features

The Firefox Password Managers features are pretty basic:

  • Store/file web-based usernames & passwords
  • Master password encryption option
  • Import passwords from Chrome/Internet Explorer (Windows only)

Firefox’s browser-based password manager doesn’t compare to stand-alone password manager programs. For example, Firefox can’t generate strong passwords for you.

What's more, Firefox can only store web-based passwords, which means you won’t be able to use the password manager with non-web-based programs/information.

Security

Provided you create a complex master password in addition to using the service, Firefox Password Manager should store your data securely using a 256-bit AES cipher. Unfortunately, Firefox Sync is another story.

In the past, Firefox Sync used a pretty beefy system to secure your data. However, in 2014 they officially switched to a more traditional cloud-based syncing solution. This was done to provide a better user experience, as their past system didn’t allow users to recover or reset lost/forgotten passwords.

Now, despite Firefox Sync passwords being encrypted locally with end-to-end encryption, a key is generated from the username and password. That key is stored online by Mozilla, and can be employed by users to reset their username and/or password.

This raises some concerns, because if Mozilla can access your Firefox Sync account – technically, so can hackers. For more information on the gritty details, visit the official blog post.

With that out of the way, it is also important to know that Firefox Password Manager is a great tool for passwords that won’t make or break you if compromised. As long as you’re careful with what data you entrust to them (probably not your banking information), Firefox’s password manager is useful and convenient.

Ease of use

Firefox Password Manager is extremely simple to use.

1. Navigate to Preferences ->Privacy & Security

2. Under Forms & Passwords, tick the box to Use a master password

Use a master password

3. Create a complex password or use a website to generate one

Change master password

Conclusion

If your primary goal is to use a password manager that is user-friendly, simple and convenient, Firefox’s password manager is definitely the right choice. In addition, the Firefox Password Manager uses strong local encryption, which puts it a step above other browser-based password managers.

The biggest problem we found with this password manager is, of course, the issues that arise for Android users. If you don’t use Android, you should have no issues syncing between devices with master password enabled.

In conclusion, if your password needs are not too advanced, Firefox’s Built-in Password Manager is definitely an option. If you’re geared more towards password managers that offer a variety of features, take a look at our best password managers page.

0 User Reviews

Leave a Review

Your comment has been sent to the queue. It will appear shortly.

Thanks for your review!

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

8 Comments

Les
on December 6, 2022
> That key is stored online by Mozilla, and can be employed by users to reset their username and/or password. I'm not sure where this information comes from but I don't believe it is true. Mozilla are quite clear that they don't have the ability to decrypt user data, which if they stored a decryption key would not be the case. Having two methods for a user to decrypt their data (username/password combo or a secondary key) does not mean that Mozilla need to have access to the key. Furthermore Firefox now integrates with Android's password storage feature, allowing you to access Firefox-stored passwords from the virtual keyboard inside of apps. All in all, this article could do with an update.
Jack Dodds
on February 3, 2020
Hello Douglas, Have you played with the new "Password quality meter" in Firefox? I have, and have reached the conclusion that it is cryptographic nonsense. Specifically, it will not accept a password that does not include "special" characters. So it shows a higher strength for some 10 character passwords that contain specials than a 24 character password of randomly selected upper case, lower case, and digits. This is just plain wrong. Also, when typing in a string, in some cases adding more character does not affect the password meter. Huh? Your opinion?
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small.png
Douglas Crawford replied to Jack Dodds
on February 3, 2020
Hi Jack. I haven't yet (can you point me to where I can find it?). I'm not a mathematician, but from what you say it does seem a bit off. Adding "special" characters certainly never hurts, though.
Jack Dodds replied to Douglas Crawford
on February 3, 2020
Hi Doug, The Password Quality Meter is shown in the screen grab under your point 3 "Create a complex password ... ".
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small.png
Douglas Crawford replied to Jack Dodds
on February 4, 2020
Hi Jack. Ha ha. Silly me! As I say, I think you are right that the meter is a bit "off," but as long as it encourages people tom use strong passwords I'm not going to lose any sleep over it.
Ken
on January 2, 2020
I also like the Firefox Password Manager. However it's not very flexible. Do you know of any Firefox Add-Ons that would allow you to enter extra fields for Notes or Memos, etc. to FF's password entries. There used to be such add-ons but they no longer work with current versions of Firefox. There *are* various password managers available, but I do not want to have my passwords on any on-line service.... Luddite that I am, I want my passwords only on my local computer. Thanks!
Dylan replied to Ken
on April 11, 2022
My comment is a bit late (more than 2 years). But if anyone else is looking for this or if you are still looking for it. KeePassXC is great and open source. It has a Firefox extension you can use. But because it is free, it won't have a cloud to synchronize your passwords with.
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small.png
Douglas Crawford replied to Ken
on January 3, 2020
Hi Ken. I'm not aware of any Firefox add-on which does what you want, but for an off-line password manager its hard to beat KeePass.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives: