Unlike Firefox desktop, Firefox Android has no master password protection. Any passwords in the password store are accessible simply by clicking on the password once the phone is unlocked, which might be protected by nothing more than a relatively weak swipe pattern, as a long/complex screenlock password is overkill for all purposes except their password store for some users.
Aside from the inconvenience factor, users may also still accidentally sync all their passwords to mobile. This can happen as a result of including passwords in the list of things to sync in settings on desktop. There is no way, for example, to sync passwords across devices which have better security options (eg Desktop) but not sync passwords to mobile devices. Users may not realize this when configuring sync on their other devices, leading to all the passwords syncing to their mobile Firefox. Why has Mozilla never addressed these security concerns (eg. with a a simple master password option)? Dale. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/9a49f745-7261-42e5-a426-349219a51bbdn%40mozilla.org.
