Recently released Firefox version requires users to enter their OS password/biometrics to retrieve or edit the passwords in Password manager Lockwise. After receiving multiple reports about issues with the feature, Mozilla is now remotely disabling the OS authentication feature in Firefox 76 and Firefox 77 by rolling out a pref change via Normandy.
Starting Firefox 76, if you’ve not set a master password, whenever you try to view or copy a password in the password manager, you’ll be asked to enter the OS account password.
While Firefox limits asking master password once per session, you’ll be repeatedly prompted to enter the Windows password whenever you try to view/edit a password in about:logins page.
Mozilla has prepped the OS authentication feature is to prevent snooping, in other words, to stop others who are using your device from seeing your passwords over your shoulder.
This is an anti-snooping feature, but definitely not a security feature and has its drawbacks and caused the following issues to the users which Mozilla realized.
- Users asked to enter the password which they’ve not set for OS
- Some users confused which password they need to type: Windows or Firefox’s
Mozilla wants to address these things in Firefox 78, meanwhile, they’re disabling OS authentication feature in Firefox by toggling a pref via Normandy system. The company has begun making the change with the aim to finish it by next month, June 6 for all Firefox users running Firefox 76 and Firefox 77.
ICYDK, Firefox 77 is scheduled to release on June 2.
Disable Windows Password prompt in about: logins on Firefox
1. Launch Firefox browser
2. Visit about: config
3. Click on “Accept the Risk and continue”
4. Search for “Os-auth” without quotes, for the highlighted preference “signon.