# Firefox Saved Passwords



## RichieW87 (Aug 31, 2007)

Hey all, Just wrote all this out for another forum but since I just registered here for some help (shameless plug) I thought Id share a trick I just discovered.

*Problem*

If you go to:

Tools > Options > Security > Show Passwords > Show Passwords > Yes

You will notice that anyone who is using your Firefox profile on your computer can look at all your passwords in a matter of 6 clicks of the mouse. I personally dont share a computer and I have a password to login, but I occasionally let friends use my computer and I know that they know about this, so it has annoyed me no end that they could easily see all my passwords. Those reading this might not even have known about this but now you do, I can tell you how to change it. This is especially important if you share a computer and everyone uses the same Windows Profile, as anyone using the profile could see anyone else's username and password.

*Solution*

NOTE: This does require at least average knowledge of how to navigate Windows and use Windows systems, although I will try and explain everything very simply. As the computer know-how of the average Firefox user is higher than most other computer users, this shouldn't be too hard.

The solution to this isn't miraculously clever, it just hides the 'Show Passwords' button from the Options menu in the profile you are using. There are ways around this (explained at the end) but they are the kind of things only Advanced Users will know about and things you can't just stumble on to, unlike the current system.

You may have noticed that there is a Master Password option which will allow these passwords to be protect by, you guessed it, a master password. However this has a major drawback in that you have to enter this password in order to use *any* of the passwords saved in the password manager *everytime* you open Firefox. To me this has always been more hassle than its worth so I have declined to do it, but with the beauty of open source I have been informed of another way.

I'll explain this in easy to follow steps...

1) Click the Start Menu and select Run...

2) Type in '%AppData%' and hit Ok

3) Go to Mozilla > Firefox > Profiles > [random numbers/letters].default (assuming you only use the default profile, which most basic users do) > chrome

4) At the top menu bar select Tools > Folder Options > View

5) Uncheck the box that says 'Hide extensions for known file types' and click Ok

NOTE: This will effect all folders, resulting in every file showing its extension (e.g. .mp3, .jpg). If you dont like this, you can change it back right after step 6

6) Create a new text file (Right click > New > Text Document) and name it 'userChrome.css'

NOTE: The filename is case sensitive so use exactly that file name, not UserChrome.css or userchrome.css, or it won't work.

7) When the file is created, right click on it and select 'Edit'. This should open up Notepad (or any other text editor)

8) Copy and paste the following code:

@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");

button#showPasswords {display: none !important;}

9) Save the file and restart Firefox. The button should have disappeared.

*Further Issues*

This will *not* password protect your passwords or anything like that. If you want to password protect the Password Manager you *must* use the master password and put up with the annoyance of entering the master password every time you load Firefox.

Also, someone can just enter the chrome URL (chrome://passwordmgr/content/passwordManager.xul) into the taskbar to bring up the passwords or can simply copy sigons2.txt and key3.db to another profile or another computer to see them. This is *only* to remove the button from the options menu, which for me is enough to put my mind at ease.

Any problems, post here. Hope its helpful


----------



## JohnWill (Oct 19, 2002)

Why not just use a master password to protect them?


----------



## RichieW87 (Aug 31, 2007)

Because you have to enter it EVERY time you open Firefox, which as I said in my post is more hassle than its worth


----------



## hewee (Oct 26, 2001)

*Passwords*

*Remember Passwords*

Firefox can securely save passwords you enter in web forms to
make it easier to log on to web sites. Clear this checkbox to prevent
Firefox from remembering your passwords.

*Set/Change Master Password...*

Firefox can protect sensitive information such as saved passwords
and certificates. If you create a Master Password, Firefox will ask
you to enter it once per session as soon as it is needed. You can set or
change the master password by clicking this button.

*Remove Master Password...*

Click this button to remove your current master password. You will have to
enter your current master password to do this.
*
View Saved Passwords*

You can manage saved passwords and delete individual passwords by clicking
the View Saved Passwords button.


----------



## RichieW87 (Aug 31, 2007)

hewee said:


> *Passwords*
> 
> *Remember Passwords*
> 
> ...


Sorry, no offence meant but what was the point of your post?


----------



## hewee (Oct 26, 2001)

To show what Firefox says about the password.


----------

