There is a policy in new sync, where Passwords sync is disabled when Master
password is set. I think this policy should be changed as many new Trojans
specifically targeting browser based stored passwords. When master password is
set, Passwords cannot be accessed. Private key(master password) lies with the
user is a better way out.
In my view of solution, As when sync should be needed, a prompt can be asked
the master password in order to sync password as most probably in old sync
Operation and user always have control what to syn or not.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
