The Firefox password manager now tells you when you use leaked passwords

Mozilla has released today Firefox 76 to the Stable desktop channel for Windows, macOS, and Linux. This new release comes with with bug fixes, new features, and security patches.

Mozilla has released today Firefox 76 to the Stable desktop channel for Windows, macOS, and Linux. This new release comes with with bug fixes, new features, and security patches.

The highlight of the Firefox 76 release is a suite of new features added to Firefox’s built-in password manager, also known as Firefox Lockwise (available at about:logins).

Starting with Firefox 76, Mozilla says that Lockwise will now begin prompting users to enter their Mac or Windows OS account credentials before revealing any passwords in cleartext.

Mozilla said it added this feature at the request of the Firefox community. Firefox users complained that all a malicious threat actor had to do was to wait for the Firefox user to step away from their computer, then quickly access the Firefox built-in password manager to reveal and copy the user’s passwords on a piece of paper.

With this new feature in place, the attacker would also have to know the user’s OS credentials, lowering the chance that an intrusion like this (knwon as an “evil maid” scenario) would be successful.

WARNING FOR KNOWN LEAKED PASSWORDS AND BREACHED SITES

But this is only one of the features added to Firefox Lockwise in v76. Firefox’s built-in password manager now also scans all of the user’s stored passwords.

Mozilla says that if one of the user’s passwords is identical to a password that has been leaked online, Firefox will show a warning to the user, recommending that the user change the password, as this password is now most likely part of password dictionary lists that hackers are utilizing for brute-force attacks.