Mozilla’s Firefox browser, like most modern browsers, has a built-in password management feature that allows you to save passwords for sites you log into on a regular basis. Since the browser stores the information, that’s one less thing you have to remember. That allows you the convenience of one click access to the sites you use frequently, unless you’ve enabled two-factor authentication (and you should, if you haven’t already!).

Recently, the folks at Mozilla have announced a change that’s coming soon. Depending on who you are, the newly announced feature can be seen as a very good, or a very bad thing.

Firefox 79, the Nightly build, allows users to export saved credentials as plain text into a CSV file.

On the surface of it, that’s very good news. That’s because if you use multiple devices and want to create a way to manage your passwords across them and across multiple platforms, having a handy text-based file is a good option that adds both value and convenience.

It is not without risk, however. Consider what could easily happen if someone compromises your machine. It would be a trivial matter for them to convert all of your stored passwords to plain text, then exfiltrate the CSV and gain access to everything you touch. That’s grim.

To at least partially counter this, the Firefox development team has built in a requirement that users must enter their Windows password before the export process completes. Apple and Android users are out of luck on this front.

On balance, this feels like a move in the wrong direction. While it’s certainly true that the new feature offers some advantages, it seems that the risks far outweigh those. If you use Firefox, this might be a reason to consider migrating to a different browser, especially if you use an OS other than Windows 10.

Leave a Reply

Your email address will not be published.

You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*