The Dangers of Browser-Saved Passwords and the Benefits of Using a Password Manager

proxydom

In this post, I will mainly talk about Firefox, but this may apply to other browsers that offer saving passwords locally as well.

Saving passwords in your browser might seem like a convenient choice, but it’s not necessarily the best one. While browsers like Firefox store your credentials in a secure, encrypted way, they are still not the most secure option available.

How does Firefox actually store your passwords?

Firefox secures saved passwords with AES-256-CBC encryption, which replaced the 3DES-CBC method used in earlier versions. The encryption process relies on a combination of a Master Password (if one is set), a global salt, and a per-entry salt. Encrypted credentials are stored in logins.json, while the encryption keys are kept in key4.db (key3.db in older versions).

When a user saves a password, Firefox generates a random salt unique to that entry. If a Master Password is set, it is combined with the global salt to derive an encryption key using PBKDF2-HMAC-SHA256, with 1,000 iterations in older versions and 3,000 in newer ones; the iteration count exists to slow down brute-force attacks. If no Master Password is set, only the global salt is used. The derived key is then used to decrypt the master key, which is itself stored in encrypted form inside key4.db.

Each password entry is encrypted separately to enhance security. When a password is stored, Firefox follows these steps:

  • A random per-entry salt and an IV (Initialization Vector) are generated.

  • AES-256-CBC encryption is applied using the master key from key4.db as the encryption key.

  • The IV is prepended to the encrypted password.

  • The final encrypted data is Base64-encoded and stored in logins.json.

A typical password entry in logins.json includes the hostname, encrypted username, encrypted password, and encryption type. The encType field determines the encryption method:

  • 1 is for AES-256-CBC

  • 2 is for 3DES-CBC (older versions)

Sounds secure. But how does Firefox retrieve passwords?

When Firefox needs to retrieve a saved password, it follows these steps:

  1. Extracts the encrypted data from logins.json and decodes it from Base64.

  2. Retrieves the master key from key4.db and decrypts it using the PBKDF2-derived key.

  3. Separates the IV from the encrypted password.

  4. Decrypts the password using AES-256-CBC with the master key and extracted IV.

  5. Removes padding (PKCS#7) and retrieves the plaintext password.

Firefox’s encryption system ensures strong security through:

  • PBKDF2 key strengthening, which makes brute-force attacks computationally expensive.

  • AES-256-CBC encryption, a widely accepted cryptographic standard.

  • Unique per-entry salts and IVs, preventing two identical passwords from having the same encrypted output.

  • Optional Master Password protection, adding an extra layer of authentication before decryption is possible.

By combining PBKDF2-derived key encryption, AES-256-CBC protection, per-entry salts, and optional Master Password protection, Firefox ensures that stored credentials remain secure against most common attack vectors.

Wait, what’s AES-256-CBC? And what about PBKDF2 and PKCS#7?

AES-256-CBC (Advanced Encryption Standard with a 256-bit key in Cipher Block Chaining mode) is a widely used symmetric encryption algorithm designed to protect sensitive data. Here’s how it works:

  • Symmetric Encryption: AES-256-CBC uses the same key for both encryption and decryption. The 256-bit key provides a high level of security, making brute-force attacks practically impossible.

  • Block-Based Cipher: Data is divided into fixed-size blocks of 128 bits before encryption. If the last block is shorter than 128 bits, padding is applied to fill the remaining space.

  • Cipher Block Chaining (CBC) Mode: Each plaintext block is XORed with the previous ciphertext block before encryption. This chaining process ensures that identical plaintext blocks produce different ciphertexts, enhancing security. However, the first block doesn’t have a previous ciphertext block, so an Initialization Vector (IV) is used.

  • Initialization Vector (IV): The IV is a random value required for the encryption of the first block. It ensures that even if the same plaintext is encrypted multiple times with the same key, the resulting ciphertexts will be different. The IV itself is not secret but must be unique for each encryption session.

  • Security Strength: AES-256-CBC is considered extremely secure and resistant to brute-force attacks, thanks to its 256-bit key length and block chaining mechanism. However, it does require proper key management and secure IV generation to maintain its effectiveness.

These cryptographic techniques work together to ensure that even if an attacker gains access to encrypted passwords, decrypting them remains extremely difficult without the necessary keys.

Understood, so why should I use a Password Manager instead of a browser-based one?

While Firefox provides solid encryption, a dedicated password manager offers several advantages:

  • Stronger Security Measures: Password managers like KeePass, Bitwarden, or 1Password implement more advanced security features, such as multi-factor authentication (MFA), secure sharing, and auto-lock mechanisms. Some also offer hardware-based security key support for an extra layer of protection.

  • Better Key Management: Unlike browsers, password managers allow you to manage encryption keys more effectively, often letting you choose your own encryption algorithm settings and iteration counts for key derivation.

  • Cross-Platform Compatibility: Most password managers work across multiple devices and operating systems through the cloud, ensuring seamless access without relying on a single browser ecosystem.

  • More Comprehensive Protection: Many password managers offer additional security features like password breach monitoring (checking if your credentials appear in data leaks), secure notes storage, and even the ability to generate TOTP (Time-Based One-Time Passwords) for 2FA.

  • No Dependence on Browser Vulnerabilities: Browsers, including Firefox, can be vulnerable to exploits, and an attacker who compromises the browser may be able to extract stored credentials. Password managers operate separately from browsers, reducing this risk. (Obviously, if an exploit comes out for KeePass or whichever password manager you use, an attacker can still extract hashes, but that happens very rarely.)

Conclusion

Firefox offers strong encryption and effective security measures for storing passwords, but there is one major issue: it relies heavily on the user setting up a Master Password.

Without a Master Password, all saved credentials are vulnerable to unauthorized access—whether through physical access to your device or malicious scripts that exploit OS-level weaknesses. While Firefox's encryption methods (AES-256-CBC, PBKDF2, per-entry salts) are robust, they do not prevent passwords from being easily retrieved if no Master Password is set.

For better security, a dedicated password manager is the recommended choice. Solutions like KeePass, Bitwarden, or OS-based alternatives (e.g., KDE Wallet) offer more advanced features, better encryption key management, and protection that isn't tied to browser vulnerabilities.

At the very least, if you choose to store passwords in Firefox, setting up a Master Password is an absolute must to enhance security and prevent easy access to your credentials.


Written by proxydom

Italian college student who loves cats, beer and ethical hacking.