Are your login details out in the wild? Have you opened an account on a website that’s probably been hacked? Mozilla wants to let you know. The latest version of Firefox includes a useful batch of new features designed to beef up password management and related security.
Firefox 76 for Windows, Mac and Linux launched on 5 May. The headline changes are focused on Lockwise, Firefox’s inbuilt password management feature. These include the following:
- Vulnerable password alerts. These notify you of passwords that match those that have been stolen in a known breach.
- Website breach alerts. With these, you get a warning if a website you use has been subject to a breach, meaning that there’s a risk of your logins and passwords being exploited.
Here’s a closer look at Firefox Lockwise, and at what’s changed in the latest release…
What is Lockwise?
It started life as ‘Lockbox’. When it first arrived, this was basically just a handy way to view saved passwords within the Firefox browser.
At the end of 2019, Lockbox was rebranded as Lockwise, and its capabilities were boosted: e.g. you could use Lockwise to create new password entries and edit & delete old ones. It still didn’t match the features you would expect from a full-fat, dedicated password manager tool, but it was a useful addition, nonetheless.
Firefox 76 includes further enhancements to Lockwise. These are as follows:
Added access protection
- Let’s say you leave your desk for a moment with Firefox open on your screen. With previous Firefox versions, there was nothing to stop a snooper from heading over to your Lockwise page and viewing your saved password/login details.
- Firefox 76 minimises this risk by adding an additional authentication prompt.
- When you try to view or copy a password from the ‘Logins and Passwords’ page under your Firefox account, you will be asked to give the password for your device’s account before proceeding.
- With the password added, your credentials are available to view and copy for up to 5 minutes.
Notifications for breached and vulnerable passwords
- Note: for these features to work, you’ll need to create a Firefox account. To make sure that your logins are captured, go to the Logins and Passwords page and check the box for “Ask to save logins and passwords for websites”.
- Breach notifications are located via the Lockwise dashboard. A list of logins appears on the left side of the screen. Firefox 76 introduces two new icon indicators that appear next to the relevant website address on the list in the event of a security issue.
- The Vulnerable Password alert tells you if the password you are using on that particular site has been used on another account that was likely subject to a data breach. It warns you that reusing your passwords puts all your accounts at risk and advises you to change the password.
- The Website Breach alert notifies you that credentials were leaked or stolen from that particular site since you last updated your login details. It provides you with details of the date of the breach and advises you to change your password to protect your account.
Password generation tool
We know we shouldn’t do it, but around two thirds of us recycle the same passwords across multiple accounts. Part of the reason is because we want an easy life. Coming up with fresh, memorable passwords with a minimum of 12 letters, numbers and symbols is a hassle.
Most dedicated password manager tools include a password generator to help you with this. Now, Lockwise includes this feature, too. When you’re creating a new account, Lockwise will offer to generate a safe and complex password for you, and save it directly to your browser.
Where does Mozilla get its information about website breaches and compromised passwords?
This information comes from Have I been Pwned, an open access platform that logs breaches and allows people to check if their personal data has likely been exposed.
Does this mean I don’t need a separate, dedicated password management tool?
Dedicated tools such as LastPass, RoboForm and NordPass come with additional features. These can include things like support for multiple devices and browsers from a single account, the ability to add additional authentication layers and secure document sharing.
It depends what you are looking for. If Firefox is your browser of choice and you just want basic password management capabilities, Lockfire is a useful tool to have.