5 upvotes, 1 direct replies (showing 1)
View submission: Is this simple security bypass known bug?
Is that why you can sync it into this highly secure app with just your Mozilla account?
Comment by Saphkey at 20/11/2024 at 19:33 UTC*
16 upvotes, 1 direct replies
Well this was obviously a bug. Password vault services have also fucked up before.
And regardless, this is just the user password. If logged into your phone then they already have the password.
Looks like the Firefox android app doesn't have a master password. So you wouldn't want to turn on password sync on your phone.
But the desktop browser does, so it's fine there if you set a master password.
So with a master password it is practically the same, if my assumption is correct of how others work- that they are just being locally encrypted with a master password.