Skip to content
Naked Security Naked Security

Firefox brings Lockbox password manager to Android’s autofill

All your saved Firefox passwords, now happily inserting themselves into your Android-verse!

Diehard Firefox user? Devoted resister of the Google-in-every-nook-and-cranny Android mobile environment?

Mozilla to the rescue!

On Tuesday, Mozilla, the maker of Firefox, announced that it’s brought its free password manager, Firefox Lockbox, to Android users, bringing what it says will be cross-platform happiness to Firefox users who have dozens, or even hundreds, of logins stored in their browsers.

Today, many of those logins are the same ones used in the apps you download on mobile, so we’ve been working on making your various online identities work on your terms.

Mozilla already has an iOS version of Firefox Lockbox – one that it’s recently optimized for iPad. Bringing it to Android is…

…the next step in our efforts to give people the advantage when it comes to keeping them safe online with trusted tools and services from Firefox.

Automagical autofill

Mozilla says that Lockbox works with Android autofill to make it a seamless transition from using your Firefox desktop browser to your mobile browser. It automatically fills in the passwords saved on desktop to get into your apps, be it Facebook, Yelp, Netflix or anything else, on your mobile device.

Lockbox is a simpler version of other, more feature-rich password managers, such as LastPass, BitWarden, 1Password and Dashlane. Granted, it only works with the Firefox browser, but it’s purportedly pretty easy to get up and running without any extra set-up: you use your mobile Firefox account, and it auto-imports the passwords you’ve already stored in your desktop Firefox browser.

You can easily unlock the app using your fingerprint or Face ID, as well.

I say “purportedly” because there are (a minority of) users complaining on the Google Play store about mobile Firefox failing to sync with the desktop version. Outside of that kind of frustration, Lockbox for Android should fetch usernames and passwords for all your accounts from your desktop browser, just like the iOS version does.

Syncing between devices is done with 256-bit encryption.

This makes Firefox Lockbox a good option for those of us who don’t want to/can’t remember our passwords or lug around a suitcase stuffed full of sticky notes we scribbled them onto, and who don’t want to be bothered with transferring all their logins into a standalone password manager.

Currently, it’s just your basic password manager

We like password managers. They’re not perfect, but they’re better than password reuse that leads to hijacked accounts. Having said that, be aware that Lockbox doesn’t offer some of the slick features of more replete password managers, which can generate unique, tough-to-guess passwords. Nor does it offer to save usernames and passwords when you sign up for a new site.

Mozilla told CNET that those features are in the works, though:

Currently, there is no password generator for new accounts. For today’s launch, we are bringing additional value to Firefox users by improving their login experiences. We are exploring options for future features, and what might resonate best with Firefox users.

In the meantime, if you’re not signing in to your mobile Firefox account with a finger or face, you’re hopefully doing so with a good, strong password, be it mobile or desktop, because…

Teensy-weensy keyboards ≠ itsy-bitsy passwords

You need unique, mother-loving Megalodon-strong passwords, even if you’re pecking away at a Barbie-doll-sized keyboard. If you’re registering online with a mobile and trying to avoid finger fatigue, you might be tempted to pick a pipsqueak password – some 6-digit crud such as “!23456”, say.

Mobile password managers can help avoid both the finger fatigue and the flimsy password creation it all too often leads to. They can save you from a lot of typing and a load of password-reusing.

Password managers make creating, storing and using a slew of strong passwords much easier. True, they’re not infallible. There have been issues reported recently about password managers not scrubbing passwords from memory once they’re no longer being used, but we still believe that the advantages outweigh the issues, which will likely be tidied up through updates anyway.

But you still have to create, remember and use a proper password to secure the password manager, be it on desktop or mobile.

To cook one up, check out our video:

(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)

1 Comment

256 bit encryption = zero encryption when password manager data is being synced over a network accessible to a government or corporate spy, or synced with a device or computer you can’t secure 100% of the time. You may as well just leave it in plaintext on your wall. Safer option: a pocket calendar and address book.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!