CyberNotes: Changing Your Firefox Password File
3 mins read

CyberNotes: Changing Your Firefox Password File

Two files are needed from your Firefox profile in order for someone to easily retrieve your passwords: key3.db and signons.txt. If someone has those two files they will be able to decrypt all of your passwords and view them without any hassle.

To help get around this (and hopefully deter the theft of my passwords) I decided to alter the name of my signons.txt file so that it isn’t named what someone would expect it to be:

  1. If you want your existing list of usernames/passwords transferred over to the new filename you first need to locate your profile folder which is located inside of the following folders:Windows 2000, XP:
    Documents and Settings\<UserName>\Application Data\Mozilla\Firefox
    Windows NT:
    WINNT\Profiles\<UserName>\Application Data\Mozilla\Firefox
    Windows 98, ME:
    Windows\Application Data\Mozilla\FirefoxMac OS X:
    ~/Library/Application Support/FirefoxLinux and Unix systems:
    ~/.mozilla/firefox
  2. Once you have navigated to your profile folder locate the file named signons.txt and rename it to something else. I renamed mine to bookmarksbak.txt to make it look like a backup of my bookmarks.
  3. Run Firefox and type about:config into the address bar.
  4. Find the value named signon.SignonFileName and double-click on it to change the value.
  5. Change the name to whatever value you renamed signons.txt to in Step 2. I changed mine to bookmarksbak.txt. Press OK when you are done.
  6. Restart Firefox and you will now be using your new password file.

I understand that this is by no means a big security measure but if I let someone use my computer real quick I don’t want them to grab those two files. Someone could easily still figure it out by looking at my configuration file for Firefox but that would take some additional time. I guess this gives me a little more peace of mind.

I was recently using Firefox and came across another site that I couldn’t store my password for. I got a little frustrated and said to myself “there has to be a way to fix that”. So I then started to search Google for ways to force Firefox to remember my passwords on more sites.

I finally came across a bookmarklet that would remove the autocomplete=”off” from the form fields on the page. It worked on all of the sites that I wanted it to, my bank account, email accounts, etc…! It was so great that I thought I better share with you the 10 second process of setting this up (without needing to install an extension to do it).

  1. Bookmark this link: Password Saver. To bookmark the link just right-click on it and select “Bookmark This Link…”.
  2. The next time you find a site that won’t remember your password just click on the bookmark. It will then remove all instances of autocomplete=”off”.
  3. Type your username and password into the site and press submit.
  4. That’s all! You should now be prompted to let Firefox remember your password.

Unfortunately this does not work on every site, but it has worked on all that I have tried. The most popular sites that this is used for are Hotmail and Yahoo. This one definitely earns its place in my bookmark toolbar.