
Firefox Should Support macOS Keychain - andreasley
https://bugzilla.mozilla.org/show_bug.cgi?id=106400
======
andreasley
Firefox stores passwords in its own "password manager" (basically an encrypted
file). All remembered passwords can be shown in plain text by simply clicking
a button in the options – unless a Master Password is defined.

So by default, Firefox allows anyone with access to your computer to view all
your stored passwords. How this can be considered "secure enough" is beyond
me.

I've worked with quite a few people (regular end users) that use Firefox. None
of them knew that their stored passwords are accessible this easily. None of
them used a master password.

Why doesn't Firefox use the macOS keychain? If not that, why doesn't Firefox
at least prompt for the login password of the current user before showing all
stored passwords? If not that, why doesn't Firefox at least show a giant red
banner, informing the user that their passwords are at risk unless they set a
master password?

Mozilla doesn't seem to view the current behavior as problematic, as this 18
year old ticket has been closed as WONTFIX a few months ago...

