Mozilla developers without generating a new release through the experiment system among users of Firefox 76 and Firefox 77-beta, an update that disables the new mechanism for verifying access to stored passwords that is used on systems without a master password. Recall that in Firefox 76, for Windows and macOS users without a master password set, to view passwords saved in the browser, the OS authentication dialog began to appear, requiring the input of system credentials. After entering the system password, access to the saved passwords is granted for 5 minutes, after which the password will need to be entered again.
Collected telemetry showed an abnormally high level of authentication problems using system credentials when trying to access browser-stored passwords. In 20% of cases, users were unable to verify and were not given access to their saved passwords. There are two main reasons that are likely to be the source of the problems:
- The user may not remember or know their system password because they are using an auto-login session.
- Due to the lack of clear explanation in the dialog, the user does not understand that a system password is required and tries to enter the password for the account in the Firefox Account used to synchronize settings between devices.
It was assumed that system authentication would protect credentials from prying eyes if the computer was left unattended if the master password was not set in the browser. In fact, many users were unable to access their saved passwords. The developers have temporarily disabled the new feature and intend to review the implementation. In particular, they plan to add a clearer description about the need to enter system credentials and disable the dialog for automatic login configurations.
Source: opennet.ru