Toolkit:Password Manager/2015/Master Password: Difference between revisions

From MozillaWiki
(→‎Interaction with Sync: explicitly state that we're not changing Sync in any way)
m (→‎Interaction with Sync: fix formatting)
Line 27: Line 27:
In all three modes, users can choose whether or not to use [[CloudServices/Sync|Firefox Sync]] to synchronize the contents of the password manager across their multiple devices. This is completely orthogonal to whether or not the user chooses to encrypt the password manager locally.
In all three modes, users can choose whether or not to use [[CloudServices/Sync|Firefox Sync]] to synchronize the contents of the password manager across their multiple devices. This is completely orthogonal to whether or not the user chooses to encrypt the password manager locally.


**No changes to Sync will be required.** Changes to Firefox Accounts (which is a separate product from Sync) will probably be required.
'''No changes to Sync will be required.''' Changes to Firefox Accounts (which is a separate product from Sync) will probably be required.
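Review bot: the only change in this hunk is markup, not wording: the old line `**No changes to Sync will be required.**` uses Markdown emphasis, which MediaWiki renders literally as asterisks, while the new line `'''No changes to Sync will be required.'''` is wikitext bold, so the fix is correct and the emphasis now actually renders; the preceding context line is unchanged.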

Revision as of 02:24, 4 February 2015

This is a proposal for revamping the Master Password feature currently found in the Firefox Password Manager, as part of the Cloud Services Password Manager work.

Goals

The main goal is to have a password manager that is:

  • safe from local attackers (e.g. nosy family members can't get to it)
  • available online and offline (i.e. no need to be online to unlock it)
  • recoverable by email in case the master password is forgotten

User Interaction

[Figure: Master Password-Flow.png]

Description

There are three different modes that users can choose from:

  1. no master password: passwords are stored in plain text on the local machine
  2. separate master password: the contents of the password manager are encrypted using a key derived from a separate password that users choose, and they must enter this password to unlock the password manager
  3. Firefox Accounts password: a new encryption key derived from the FxA password is used to encrypt the password manager, and that key is backed up on the Firefox Accounts server to enable recovery should users forget their FxA password

The first two modes reflect what is currently implemented in Firefox; only the third one is new.

Interaction with Sync

In all three modes, users can choose whether or not to use Firefox Sync to synchronize the contents of the password manager across their multiple devices. This is completely orthogonal to whether or not the user chooses to encrypt the password manager locally.

No changes to Sync will be required. Changes to Firefox Accounts (which is a separate product from Sync) will probably be required.