2

I wonder if having a master password will make my login data saved in Firefox more secure given the fact that I use full disk encryption. The password database won't be exposed in plain text physically on the hard drive when it is locked anyway. Still I guess a master password may protect the login data from other processes running on the same machine. I have Firefox Sync enabled, if it makes any difference (if I understand correctly, it don't).

raindev
  • 253
  • 1
  • 11

2 Answers2

4

Yes, enabling Firefox master password will provide additional security to your logins. You've also partially answered your question. Even though you've enabled full disk encryption, the master password will protect your logins from other processes.

For example, a malware which has been able to execute on your computer will be able to read the disk contents (like other local processes), but wont be able to read your Firefox saved logins due to the master password.

Sandeep S. Sandhu
  • 422
  • 3
  • 5
  • 2
    Unless it intercepts the keyboard and waits for you to type it in, or shows a pixel-perfect copy of Firefox's password promot at the right time and waits for you to enter it. – André Borie Dec 25 '16 at 18:51
  • @AndréBorie, as I understand, for a process to be able to do what you describe it will need to run under superuser. But if login data is unencrypted it can be stolen by any unprivileged processes with much less effort. – raindev Dec 25 '16 at 19:26
  • 2
    As far as I know you don't need superuser privileges to either show a window on screen (to emulate Firefox's password prompt) or to intercept keystrokes on the same "desktop" as Firefox is running (that would be a different matter if we want to intercept a different user's keystrokes, but it's not the case here). – André Borie Dec 25 '16 at 19:44
  • I thought for some reason, that a keylogger cannot be run without root privileges (on Linux at least). Apparently it's not true: http://superuser.com/questions/301646/linux-keylogger-without-root-or-sudo-is-it-real. – raindev Dec 25 '16 at 21:35
  • @AndréBorie, considering your arguments above, would you say, that it doesn't make any difference if Firefox master password is used in case of disk encryption? – raindev Dec 25 '16 at 21:42
  • 1
    @raindev it will not help against any decent malware but could still improve security if someone gets ahold of your machine while it's running (so the FDE password was entered) and you notice this and no longer trust the machine (otherwise that person could've left malware on it to capture your password the next time you open Firefox). – André Borie Dec 25 '16 at 23:57
  • @AndréBorie, would you mind to formulate your thoughts as an answer, so I can accept it? – raindev Dec 26 '16 at 16:54
2

First things first, on most desktop OSes, any process running under your user account can intercept input targeted at any other process running on the same desktop (as opposed to running on someone else's desktop over RDP, or the "secure desktop" on which the Windows UAC prompts are displayed), so this won't protect against malware, as it can wait for you to come back and log your keystrokes, or display a pixel-perfect copy of the Firefox password prompt at the right time and wait for you to type your password.

But, a second master password may still be useful depending on your threat model.

Let's say you leave your (full disk encrypted) laptop unlocked and unattended and the janitor takes a look. Firefox is closed and the janitor gets the master password prompt upon opening it - the janitor can't login to your webmail and steal your secrets. Full of disappointment, he leaves. We assume here that the attacker isn't advanced enough to leave malware on your machine to capture the password upon your return.

Now, let's replay the above scenario but with a government-sponsored attacker instead of the janitor. They tamper with the machine and leave a piece of malware on it to capture your secrets when you type in the master password. However, you noticed the machine was tampered with and decide to no longer trust it so you never type in your password and destroy the machine instead.

The government agency is disappointed, fires the hackers and replaces them with a 5$ wrench (defending against that is out of scope for this particular answer).

André Borie
  • 12,826
  • 3
  • 42
  • 76