Revision control
Copy as Markdown
Other Tools
<?xml version="1.0" encoding="UTF-8"?>
<!-- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[
<!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
%brandDTD;
]>
<head>
<title>Password Settings</title>
<link rel="stylesheet" href="helpFileLayout.css"
type="text/css"/>
</head>
<body>
<h1 id="password_settings">Password Settings</h1>
<p>This section describes how to set your password preferences, set your Master
Password, and control other aspects of password handling.</p>
<p>For step-by-step descriptions of various tasks related to passwords, see
<a href="using_priv_help.xhtml#using_the_password_manager">Using the Password
Manager</a>.</p>
<div class="contentsBox">In this section:
<ul>
<li><a href="#passwords">Privacy & Security Preferences -
Passwords</a></li>
<li><a href="#password_manager">Password Manager</a></li>
<li><a href="#change_master_password">Change Master Passwords</a></li>
<li><a href="#reset_master_password">Reset Master Password</a></li>
<li><a href="#choosing_a_good_password">Choosing a Good Password</a></li>
</ul>
</div>
<h2 id="passwords">Privacy & Security Preferences - Passwords</h2>
<p>This section describes the Passwords preferences panel. If you're not
already viewing it, follow these steps:</p>
<ol>
<li>Open the <span class="mac">&brandShortName;</span>
<span class="noMac">Edit</span> menu and choose Preferences.</li>
<li>Under the Privacy & Security category, click Passwords. (If no
subcategories are visible, double-click Privacy & Security to expand
the list.)</li>
</ol>
<h3>Password Manager</h3>
<p>Password Manager preferences allow you to</p>
<ul>
<li><strong>Remember passwords</strong>: Select this checkbox to turn
Password Manager on, so that it asks to store your user names and passwords
at appropriate times and enters them for you automatically when
they're requested. To turn off Password Manager, deselect the same
checkbox.</li>
<li><strong>Manage Stored Passwords</strong>: Click this button to manage
information about your stored passwords and the websites whose user names
and passwords you don't want to be stored.</li>
</ul>
<p>For detailed information about using Password Manager, including how to
override it for individual websites and how to view and manage stored
passwords,
see <a href="using_priv_help.xhtml#using_the_password_manager">Using the
Password Manager</a>.</p>
<h3 id="master_passwords">Master Passwords</h3>
<p>A master password protects a security device, which is a software or
hardware device that stores sensitive information associated with your
identity, such as keys or certificates.</p>
<p>For example, the browser has a built-in Software Security Device, and you
can also use external security devices, such as smart cards, if your computer
is configured to use them.</p>
<p>The master password for the browser's built-in Software Security Device
also protects stored sensitive information such as email passwords, website
passwords, and other data stored by the Password Manager.</p>
<p>Each security device, whether it is software or hardware, has its own
separate Master Password.</p>
<ul>
<li><strong>Change Password</strong>: Click this button to set or change any
of your master passwords. For information about using the Change Master
Password dialog box that appears when you click this button, see
<a href="#change_master_password">Change Master Password</a>.</li>
<li>You can control how often the browser requests your master password:
<ul>
<li><strong>The first time it is needed</strong>: This setting
(selected by default) causes the browser to request your master
password only the first time it needs access to the private key
database after launching. The browser will not request the master
password again until after you exit and relaunch it. This setting
provides the lowest level of protection.</li>
<li><strong>Every time it is needed</strong>: This setting ensures that
the browser will never access your saved personal information without
first requesting your master password. This setting provides the
highest level of protection.</li>
<li><strong>If it has not been used for [__] minutes or longer</strong>:
This setting causes the browser to request your master password if it
needs to access your personal information and the specified interval
has elapsed since the last time it did so.</li>
</ul>
</li>
<li><strong>Reset Master Password</strong>: Click this button to reset the
master password for the Software Security Device. For more information,
see <a href="#reset_master_password">Reset Master Password</a>.</li>
</ul>
<h3 id="encrypting_versus_obscuring">Encrypting Versus Obscuring</h3>
<p>If you use Password Manager to save passwords and personal data, this
sensitive information is stored on your computer in a file that's
difficult, but not impossible, for an intruder to read. This way of storing
information is sometimes described as <q>obscuring</q>. This is the default
setting that applies to information stored by Password Manager.</p>
<p>For improved protection, you may choose to protect the file with encryption.
Encryption makes it more difficult (but again, not impossible) for an
unauthorized person to view your stored sensitive information. To turn on
encryption you need to set a <a href="glossary.xhtml#master_password">master
password</a>.</p>
<p>Using encryption versus obscuring for stored sensitive data is a tradeoff
between improved security and convenience:</p>
<ul>
<li>If you use encryption, you will need to enter a master password
periodically, which can be inconvenient. (For further information see the
discussion of the Master Password at <a href="#master_passwords">Master
Passwords</a>.)</li>
<li>If you use obscuring, you may not have to set a master password at all
(unless you're using certificates for identification purposes), but it
may be easier for a stranger who has access to your computer to steal your
passwords.</li>
</ul>
<p>For more details, see
<a href="using_priv_help.xhtml#encrypting_stored_sensitive_information">Encrypting
Stored Sensitive Information</a>.</p>
<h2 id="password_manager">Password Manager</h2>
<p>This section describes how to use the Password Manager dialog box to control
your stored passwords. If you are not already viewing it, follow these
steps:</p>
<ol>
<li>Open the <span class="mac">&brandShortName;</span>
<span class="noMac">Edit</span> menu and choose Preferences.</li>
<li>Under the Privacy & Security category, click Passwords. (If no
subcategories are visible, double-click Privacy & Security to expand
the list.)</li>
<li>Click Manage Stored Passwords.</li>
</ol>
<p>Alternatively, open the Tools menu, choose Password Manager, and then choose
Manage Stored Passwords from the submenu.</p>
<p>The Password Manager has two tabs:</p>
<ol>
<li><strong>Passwords Saved</strong>: Click this tab to view the list of
websites for which Password Manager has saved your user name and
password—that is, the websites for which you selected <q>Yes</q>
in response to Password Manager's request to store logon
information.
<p>The second column shows the user name for each website. If the password
is stored in encrypted form, <q>(encrypted)</q> appears after the user
name.</p>
<p>By default, stored passwords are not displayed.</p>
<ul>
<li>To see the list of stored passwords, click Show Passwords and confirm
your choice.</li>
<li>To hide the passwords, click Hide Passwords.</li>
</ul>
<p>If you remove an entry from the list, the stored user name and password
will be discarded, and you will need to log in manually the next time you
visit that website.</p>
</li>
<li><strong>Passwords Never Saved</strong>: Click this tab to view the list
of websites for which you selected <q>Never for this site</q> in response
to Password Manager's request to store logon information.
<p>If a website is included on this list, you will always have to type in
your user name and password manually when you log onto the website.</p>
<p>If you remove an entry from this list, Password Manager will again ask
you, the next time you log onto the website, whether to store your user
name and password.</p>
</li>
</ol>
<p>Regardless of which tab you are viewing, you can remove entries from the
list as follows:</p>
<ul>
<li><strong>Remove</strong>: Select one or more entries that you want to
remove, then click Remove.</li>
<li><strong>Remove All</strong>: Click this button to remove all the entries
listed in the tab you are viewing.</li>
</ul>
<p>For more information about the Password Manager, see <a href=
"using_priv_help.xhtml#using_the_password_manager">Using the Password
Manager</a>.</p>
<h2 id="change_master_password">Change Master Password</h2>
<p>You must remember your old master password to change it with the Change
Password button.</p>
<p>This section describes the Change Master Password dialog box. If you're
not already viewing it, follow these steps:</p>
<ol>
<li>Open the <span class="mac">&brandShortName;</span>
<span class="noMac">Edit</span> menu and choose Preferences.</li>
<li>Under the Privacy & Security category, click Passwords. (If no
subcategories are visible, double-click Privacy & Security to expand
the list.)</li>
<li>Click Change Password.</li>
</ol>
<p>A master password protects a security device, which is a software or
hardware device that stores sensitive information associated with your
identity, such as keys or certificates.</p>
<p>For example, the browser has a built-in Software Security Device, and you
can also use external security devices, such as smart cards, if your computer
is configured to use them.</p>
<p>The master password for the browser's built-in Software Security Device
also protects your master key. Your master key is used to encrypt sensitive
information such as email passwords, website passwords, and other data stored
by the Password Manager.</p>
<p>You use the Change Master Password dialog box to provide the following
information:</p>
<ul>
<li><strong>Security Device</strong>: Each security device requires a
separate master password. For example, if you are using one or more smart
cards to store some of your certificates, you should set a separate master
password for each one. If more than one security device is available, a
drop-down list at the top of the Set Master Password dialog box allows you
to choose the device whose password you want to change.</li>
<li><strong>Current password</strong>: If you are changing an existing master
password, you must first type the current password. If you don't type
the current password correctly, you will see the message <q>You did not
enter the current correct Master Password</q> after you click OK. If this
happens, you must retype your current password.</li>
<li><strong>New password</strong>: Type your new password into this
field.</li>
<li><strong>New password (again)</strong>: Type your new password again. If
you don't type it the second time exactly as you did the first time,
the OK button remains inactive. If this happens, try typing the new
password again.</li>
</ul>
<p>If someone uses your computer who knows or can guess your master password,
that person may be able to access websites while pretending to be you. This
can be dangerous—for example, if you manage your financial accounts
over the Internet.</p>
<p>Therefore, it's important to select a master password that's
difficult to guess. The <strong>password quality meter</strong> gives you a
rough idea of the quality of your password as you type it based on factors
such as length and the use of uppercase letters, lowercase letters, numbers,
and symbols. It does not guarantee, however, that no one will be able to
guess your password.</p>
<p>For further guidelines, see <a href="#choosing_a_good_password">Choosing
a Good Password</a>.</p>
<p>It's also important to record your master password in a safe
place—and <strong>not</strong> anywhere that's easily accessible
to someone else. If you forget this password, you may not be able to access
important information, such as websites that require passwords or
certificates stored on your computer.</p>
<h2 id="reset_master_password">Reset Master Password</h2>
<p><strong>Warning</strong>: If you reset your master password, you will
permanently erase all the encrypted web and email passwords, saved on your
behalf by Password Manager. You will also lose all your personal certificates
associated with the <a href="glossary.xhtml#software_security_device">
Software Security Device</a>.</p>
<p>To change your master password rather than resetting it, click the Change
Password button in the Passwords preferences panel.</p>
<p>This section describes the Reset Master Password dialog box. If you're
not already viewing it, follow these steps:</p>
<ol>
<li>Open the <span class="mac">&brandShortName;</span>
<span class="noMac">Edit</span> menu and choose Preferences.</li>
<li>Under the Privacy & Security category, click Passwords. (If no
subcategories are visible, double-click Privacy & Security to expand
the list.)</li>
<li>Click Reset Password.</li>
</ol>
<p><strong>Warning</strong>: If you reset your master password, you will
permanently erase all encrypted web and email passwords, saved on your behalf
by Password Manager You will also lose all your personal certificates
associated with the
<a href="glossary.xhtml#software_security_device">software security
device</a>.</p>
<p>If you remember your master password and decide to change it, you can do so
without danger of losing any personal information. If you are viewing the
Reset Master Password alert and you decide you want to change your password
rather than resetting it, click Cancel to return to the Passwords
preferences panel, then click Change Password. For details, see
<a href="#change_master_password">Change Master Password</a>.</p>
<p>Resetting your master password is a last resort that you should use only if
you are absolutely sure you've forgotten it. The seriousness of the
situation depends on how much personal data your forgotten master password
protects.</p>
<p>Resetting your master password does not create a new password. Instead, it
removes all the data your old master password protects. You will be asked to
specify a new master password the next time the browser needs to store
personal information.</p>
<p>After you reset your master password, you may also want to re-save personal
information that you want to have prefilled in the future. For example, as
you browse you may want Password Manager to save website and email passwords
again. In addition, any personal certificates associated with the software
security device will be permanently erased and you will need to apply for new
ones.</p>
<p><strong>Note for smart card users</strong>: Each smart card has its own
master password. The master password for a smart card protects only the data
on that smart card (such as personal certificates). You can normally change
the master password for a smart card (assuming that you remember it), but you
cannot reset it.</p>
<h2 id="choosing_a_good_password">Choosing a Good Password</h2>
<p>Choosing a good password will help in keeping your personal information
safe and private. To improve the security of your password, follow some
or all of these suggestions:</p>
<ul>
<li>Special and punctuation characters (*!$+) mixed with letters and
numbers.</li>
<li>Mixed upper and lower-case letters—putting capitals in random
locations throughout a password is effective.</li>
<li>Nonsense words that aren't found in dictionaries but are easy to
pronounce.</li>
<li>Eight or more characters.</li>
</ul>
<p>You should avoid personal information that could be guessed. So the
following common items should be avoided:</p>
<ul>
<li>Personal or family names, your initials or birthdays.</li>
<li>Your social security number.</li>
<li>Names of pets or famous places.</li>
<li>Phone numbers or addresses.</li>
<li>Words from any kind of dictionary.</li>
<li>Your username, login name or computer's name.</li>
<li>Repetition of the same letter or symbol.</li>
<li>Sequences of keyboard keys, such as <q>12345</q> or <q>qwerty</q>.</li>
<li>Any minor modification of the above, such as appending a character to the
end of your name or spelling backwards.</li>
</ul>
<p>A good way to choose a secure but easily remembered password is to use the
first character of each word in a phrase. For instance, <q>StNh*nbsS</q>
stands for <q>Surfing the Net has never been so Suite</q>; the asterisk in
the middle is included for increased security. (Don't use this
password!)</p>
<p>To further protect your personal data, you are advised to follow these
simple rules:</p>
<ul>
<li>Never give the password out to anyone.</li>
<li>If someone has learnt your password, change it immediately.</li>
<li>Every few months, change your password.</li>
<li>Choose a password you can remember so you don't have to write it
down.</li>
<li>Avoid letting people observe you typing your password.</li>
</ul>
</body>
</html>