Skip to content
Naked Security Naked Security

Firefox to pile on more native privacy features

Mozilla is integrating its Lockwise password manager directly into the browser and expanding its support for the Have I Been Pwned website.

Mozilla is expanding the privacy tools built into Firefox by integrating its Lockwise password manager directly into the browser and expanding its support for the Have I Been Pwned (HIBP) website.

Lockwise is an app for iOS and Android, and an add-on for the desktop version of Firefox. It’s a password manager designed to offer more seamless support for synchronising passwords across the three environments.

Firefox had password storage before, but Lockwise lets desktop users manage and edit their passwords and replicates the same interface across mobile devices. In Firefox 70, Mozilla will now integrate Lockwise directly into the browser.

Mozilla is also enhancing support for its front end to HIBP, which is a site operated by Australian security researcher Troy Hunt that collects lists of stolen login credentials from data breaches. It enables people to search for email addresses or passwords and lists the breaches associated with them.

Mozilla first supported Hunt’s site in September 2018 when it launched Firefox Monitor. This website was little more than a HIBP shell designed to draw more people to the service using the Mozilla name. Mozilla called it a minimum viable product and said that it would continue to improve it.

True to its word, in November 2018 it expanded the service to support multiple languages. It also added a notification in Firefox 67 that alerts desktop users when they visited a site with a recently reported data breach. And it updated Firefox Monitor with a dashboard so that people could monitor multiple email addresses.

Firefox 70 expands the in-browser Firefox Monitor notification feature to include saved logins. Users will access about:logins and see if their saved logins have been part of a data breach since they updated them.

Mozilla originally launched Firefox as a simple, fast browser, but it is gradually adding more features. Still, they are designed to enhance your privacy, and if you trust Mozilla, they might be better than using third-party add-ons that behave deceptively.

The danger of relying on third-party sites like HIBP is that ownership may change. Hunt has announced that he wants to sell the website, citing the insane amount of work it takes to operate it. However, he has vowed to maintain the integrity of HIBP and ensure that consumers can still search freely on it, regardless of who buys it.


Most people who use a password manager, also use more than one browser. I am not sure how much traction a browser-dependent password manager can get. I for one don’t see myself switching from LastPass to Lockwise.


Maybe people with password managers aren’t the target demographic for this feature. If the browser just does things, users without password managers may be moved subtly away from old password management solutions towards something that is hopefully more secure. The rest of us will probably just continue with our addons uninterrupted.


Maybe this feauture is not for those who use a password manager, but for the majority that does not.


Considering the vulnerabilities that have been found over the years in browser-based password managers, why should we trust this one more?


Because none of those vulnerabilities has resulted in the scale of problems caused by password reuse. In fact it’s not even close.


How does the relative scale of the problems compare to the relative scales of the two populations?

Human nature tells me that password manager users are a significantly smaller group than password reusers.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!