The Firefox password manager mistakes you’re probably making—and the fixes

Having strong passwords is the single most important security measure you can take. And to keep your passwords long and hard to guess by malicious actors, you need a reliable password manager to help you keep track. After all, you’ll need a different password for every website or app you use to minimize risks.

You might’ve noticed Firefox prompting you to save your password for later whenever you log into a site. Firefox's built-in password manager feature is free and easy to use. Best of all, it’s right there, no need to download an app or even install a separate browser extension. Your passwords are protected and synced across multiple devices using your Firefox account.

But just because you’re using Firefox's password manager doesn’t mean you’re doing everything right to keep yourself safe online, and there are some considerable mistakes you can make without realizing it.

Storing weak passwords

The passwords themselves need to be reliable

Having a password manager won’t protect you if your passwords themselves are weak or used across multiple websites. If only one site you use suffers a leak or a breach, then your login credentials for multiple sites will be compromised all at once.

And weaker passwords (like "password" or "123456789") are always a hacker’s first guess when attempting to access an account. For your password to be considered strong, it needs to:

• Be a minimum of 16 characters
• Include special characters
• Include numbers
• Include both upper and lower case letters

You can rely on an online password-generating tool, where you can select the criteria for a strong password. Similarly, Firefox has its own built-in random password generator that pops up when you sign up for a new account.

If you use an online password generator, copy your password to Firefox's password manager, and then clear your clipboard of the password immediately afterward. Otherwise, if you leave your device unattended for even a minute, someone might be able to steal it.

Not having a strong primary password on your Firefox account

Your vault is only as secure as its lock

All the passwords stored in your Firefox browser can be protected by a single primary password. This is different from your Firefox account password, which you can use to log into multiple devices and sync your tabs, history, and passwords. However, they're both incredibly important.

If someone gains access to your Firefox account, then they’ll have access to all the logins stored in the browser if they aren't protected by a primary password. Make sure you always have a particularly strong password for both your Firefox account and your Firefox password manager.

To change the password of your Firefox account:

1. Open the Firefox browser.
2. Click on the hamburger menu (three horizontal lines) in the top right corner.
3. Click on your email; it should be the top item in the drop-down menu.
4. This will open the Account menu. Click Manage account.
5. A new window will open labeled Mozilla Account.
6. Scroll down to the Security section.
7. Next to your current password, click Change.

Make sure you choose a strong password when replacing your old one to keep your account safe.

For your primary password:

1. Open the Firefox browser.
2. Click on the hamburger menu (three horizontal lines) in the top right corner.
3. Click on Passwords.
4. Click on the three-dot menu in the top right corner.
5. Select Options.
6. This will open the privacy preferences in Firefox settings.
7. If you don't already have a primary password set, tick the box labeled Use a Primary Password. Otherwise, click Change Primary Password.
8. In the pop-up window, enter your new primary password, then click Ok.

Not backing up passwords outside of Firefox

It's important to prepare for the worst

Since the passwords are stored in your Firefox account, they’re only available as long as you’re logged in. If you log out and realize that you’ve forgotten your password and have no way of getting it back, you’ll also lose access to all your logins.

You should regularly back up your Firefox logins to a separate account, like Google Drive or OneDrive, for safekeeping. Luckily, the process is very simple:

1. Click the menu button in the top right corner of your browser (it’s the three horizontal lines/hamburger menu).
2. Click on Passwords.
3. This will open the page where all your logins are stored.
4. Click on the three-dot menu in the top right corner.
5. Select Export Passwords.
6. A pop-up box will remind you that exported passwords are a readable file. Click Continue with export.

You can then choose the location and name of the CSV file containing your Firefox logins. Make sure you store it somewhere safe.

Syncing passwords on a shared device (work or family)

Sharing is caring, just not passwords

If you sync your Firefox account, including your password, to a device that’s used by others, whether it’s for work or family, they’ll also have access to your passwords. Anyone using that device could access the Passwords page in the browser and then delete, export, or copy your passwords.

This could also happen by accident if multiple people are using the same device and browser. Another person may save their login to a website, potentially replacing your existing username and password. If you don’t have a reliable recovery method for that account, you might lose access for good.

When using a public computer at the library, university, or school, make sure you don’t save new passwords to the browser on that device. Also, if you signed in to your Firefox, it’s important that you sign out and delete browser history, cache, and cookies when you’re done.

Leaving passwords on an unlocked device

Always have a passcode on your device

Normally, Firefox asks you to enter your device’s password or verify your identity with your biometrics before accessing your logins. However, this isn’t the case with an unlocked desktop device or a phone without a password.

If you leave your PC or laptop unattended while it’s unlocked, anyone could gain access to your Firefox passwords. There, they can steal, delete, or change them with nothing stopping them.

The same applies if your phone doesn’t have a pass code or biometric protection. If it gets lost or stolen, or if you even just leave it unattended, anyone can navigate to Firefox and access your passwords.

Not enabling Two-Factor Authentication (2FA)

Double your defenses

While passwords are your first line of defense, they shouldn’t be your only one. There are many ways that a password could fail, whether it’s been included in a data breach or stolen by malware or spyware installed on your device.

It’s essential to have a backup plan in place, especially for highly sensitive websites, such as your bank or primary email. If a site or application offers Two-Factor Authentication (2FA) as an option, it’s best to enable it.

This also applies to your Firefox account. As the primary password, you need to be extra cautious in keeping your account secure. To set up 2FA in Firefox:

1. Click on the three horizontal lines menu in the top right corner.
2. Click on your email.
3. Click Manage account.
4. On the Mozilla Account page, scroll down to Security.
5. Next to Two-step authentication, click Add.
6. Scan the QR code unique to your Firefox account with your authentication app of choice.
7. Enter the generated 6-figure code.
8. Click Continue.

Don't neglect password security

When it comes to online security, most people worry about malware or viruses. However, passwords are your first and most important line of defense against malicious actors. That’s why it’s important to take care of keeping them safe, even just by using the free password manager included in your preferred browser, as long as you’re doing it right.