搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Why does Firefox Sync removes data when password was changed?

  • 3 个回答
  • 1 人有此问题
  • 23 次查看
  • 最后回复者为 Jamie Kitson

more options

Hi,

First of all let me indicate that I appreciate the job you have been doing as Firefox support / development teams.

I've just learned that firefox sync removes the stored data when password was changed right after trying to get help for not-restored settings. I think it is quite common forgetting a password and recovering by mail - reset. I am just so curious about the reason why Firefox Sync removes all data when password was changed.

Hi, First of all let me indicate that I appreciate the job you have been doing as Firefox support / development teams. I've just learned that firefox sync removes the stored data when password was changed right after trying to get help for not-restored settings. I think it is quite common forgetting a password and recovering by mail - reset. I am just so curious about the reason why Firefox Sync removes all data when password was changed.

所有回复 (3)

more options

hi, this is due to the security-focused design of sync - before it leaves your device, all sync data gets encrypted with a key derived from your password & only this encrypted dump is stored on the sync servers. there is no other way to get to the encrypted data, than knowing your original password (not even for mozilla or other "interested parties"). there should also be a warning about all stored sync data being gone at the beginning of the password changing procedure in firefox accounts.

the very technical details of this process are described at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol

more options

So, in my humble opinion; just decrypt data when user resets his/her passwd and re-encrypt data with the new passwd. OK, I know you'll say it's not possible to decrypt data without the passwd that it was encrypted first but ... don't you think user is still authorized to view or restore them once he/she resets via e-mail? Putting a warning message is not enough. Any personal account is recoverable without data loss in today's world. Even still if it has to be used, then this very important information should be highlighted in bold red letters, warning icons, in a separate step of the wizard. I need to cover a lot of passwords. However I feel like I am speaking against the famous for privacy policy of the firefox that I've been using for a long time with love. Maybe you're right. Maybe browser is on top of other personal accounts like a main gate.

Anyways guys, make it better, ok? Good luck with that.

more options

firefox_user_1665322 said

don't you think user is still authorized to view or restore them once he/she resets via e-mail?

The whole point is that Mozilla can't access your information. Your login details and browsing history would be a goldmine for governments/hackers, this way Mozilla can tell governments where to go because they really can't access it, and likewise they can't access it if someone forgets their password. If you're not that bothered about security then just choose a really weak, easy to remember password.