Mozilla Firefox protects your saved login credentials using a master password. This ensures that nobody can steal the passwords stored in your Firefox profile. Without the master password, the passwords stored inside your Firefox profiles can be easily decrypted using tools that can grab the saved passwords directly from the Firefox profile files. But master password should also be configured properly so that nobody can access your saved passwords.
By default, Firefox asks for master password only once per session which is very insecure. It means that anyone can view your passwords once you enter the master password and forget to close the Firefox windows. You should configure Firefox in such a way that it asks for the master password every few minutes. Here is how you can do that:
- In the Firefox web browser, type about:config in the address bar and press Enter.
- A warning will appear in Firefox. Click on the I accept the risk! button to proceed.
- Look for the preference named security.ask_for_password and change its value to 2.
- Look for the preference named security.password_lifetime. Double-click on it to change its value to number of minutes after which master password login expires. The default value is 30 minutes, but you can change it to any small or large number.
The default value of the configuration security.ask_for_password is 0 which means that the master password will be remembered for the entire session, that is, until you close down all the open Firefox windows or processes. This configuration can also be set to 1 which results in Firefox asking for the master password every time you have to access the saved login credentials. In my opinion, a value of 2 is the ideal setting for this configuration as it is neither annoying nor totally insecure to make Firefox remember the master password only for a few minutes.