Where are my Firefox passwords saved?
Solution 1
Firefox keeps your passwords in your profile, and in most/all versions since v2.0 this data is encrypted.
Check out here: http://kb.mozillazine.org/Profile_folder_-_Firefox for locations of the password files on Windows (various versions), Linux and Mac.
- key3.db - Key database
- signons.txt - Previous to 2.0.0.2 - Encrypted saved passwords, requires key3.db to work
- signons2.txt - 2.0.0.2 and above - Encrypted saved passwords (and URL exceptions where "NEVER SAVE PASSWORD" is selected), requires key3.db to work
- signons3.txt - 3.0 and above - Encrypted saved passwords (and URL exceptions where "NEVER SAVE PASSWORD" is selected), requires key3.db to work
- signons.sqlite - 3.5 and above - Encrypted saved passwords (and URL exceptions where "NEVER SAVE PASSWORD" is selected), requires key3.db to work.
Solution 2
From Firefox Help - Recovering important data from an old profile:
Your passwords are stored in two different files, both of which are required:
- key3.db - This file stores your key database for your passwords. To transfer saved passwords, you must copy this file along with the following file.
- signons.sqlite - Saved passwords.
Thus, I would try searching your computer for these two files and checking them out for yourself...
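As an added example (not part of the original answers, and not Mozilla's code), the sketch below inventories one profile directory for the files named in Solutions 1 and 2 and reports whether `key3.db` sits beside them. The function names `audit_profile` and `demo` are hypothetical, the group/other read-permission check is an addition that only means something on POSIX systems, and the demo profile is constructed from empty placeholder files; nothing is opened or decrypted.

```python
import os
import stat
import tempfile

# Store files and the Firefox versions that use them, as listed in Solution 1.
SIGNON_FILES = {
    "signons.txt": "before 2.0.0.2",
    "signons2.txt": "2.0.0.2 and above",
    "signons3.txt": "3.0 and above",
    "signons.sqlite": "3.5 and above",
}
KEY_DB = "key3.db"


def audit_profile(profile_dir):
    """Report which saved-password files exist in one profile directory."""
    findings = []
    has_key = os.path.isfile(os.path.join(profile_dir, KEY_DB))
    for name in [KEY_DB, *SIGNON_FILES]:
        path = os.path.join(profile_dir, name)
        if not os.path.isfile(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        findings.append({
            "file": name,
            "versions": SIGNON_FILES.get(name, "key database"),
            # The signons files require key3.db to work (Solutions 1 and 2).
            "key_db_present": has_key,
            # Assumption, POSIX only: group/other read bits mean other
            # local accounts can copy the file.
            "exposed": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            "mode": oct(mode),
        })
    return findings


def demo(with_key=True):
    """Audit a constructed profile made of empty placeholder files."""
    layout = {"signons.sqlite": 0o644, "signons3.txt": 0o600}
    if with_key:
        layout[KEY_DB] = 0o600
    with tempfile.TemporaryDirectory() as profile:
        for name, mode in layout.items():
            path = os.path.join(profile, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_profile(profile)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Point `audit_profile` at a real profile path from the MozillaZine page linked in Solution 1 to see which of these files a given installation actually has.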
Solution 3
Password forensics has an overview and tools for recovery. The latter is a brute force attack on the master password (if you have it, which you should). The security is as good as your password, basically. This link has more details (same site).
Comments
-
mbb almost 2 years
In a fear-driven reaction to recent hacking events I thought over my password strategy. The basic question is: are my saved passwords in Firefox safe from remote access?
I.e. where are they kept, are they kept in plain text, are there known vulnerabilities?
I run OS X 10.6 & Windows 7.
-
Mateusz Jamrocki about 13 years
I wouldn't trust it though. My friend installed Chrome and it was able to copy his passwords over. If Chrome can do it, viruses can.
-
user3745303 about 13 years
He didn't use encryption in that case. If he did, this wouldn't work.
-
Mateusz Jamrocki about 13 years
My friend had a master password set, but that wasn't enough to stop Chrome from copying the passwords over. I wouldn't trust the security of it. Any virus that knows how to make SQLite queries can recover data.
-
studiohack about 13 years
If the OP encrypted these files, he would be safe...
-
Wayne Johnston about 13 years
Firefox does encrypt the passwords if you use a master password. See support.mozilla.com/en-US/kb/….
-
Wayne Johnston about 13 years
tjameson suggests that since Chrome can copy the passwords they are not safe. This isn't necessarily so. The passwords are encrypted using the master password. Chrome can copy the files containing the encrypted password, and it can decrypt them if it has the master password. It knows how to decrypt them because the method of encryption is public. It's the key (the master password) that keeps things safe. So the reason Chrome was able to decrypt the file was that the user supplied the master password.
-
rlandster about 12 years
But what kind of encryption does Firefox use? I can find no Mozilla web page that makes this clear. They just say "encrypted" which is less than informative.
-
TylerH almost 3 years
@rlandster See this (much more recent) Security.SE post on that matter: security.stackexchange.com/questions/215881/…; on Mozilla.org there's also this thread, which mentions hashing 10,000 times: support.mozilla.org/en-US/questions/1275020