Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Verdict

Firefox has built a real, free password manager into its Sync accounts. It does its job, but activation is fiddly and features are limited, so most people will be better off with a dedicated product.

Pros

  • Conveniently integrated into the browser
  • Allows local encryption with primary password

Cons

  • Local passwords remain accessible unless you manually set a primary password on each device

Key Features

  • SecurityAES-256, password to encryption key derivation via 1000 rounds of PBKDF2

Introduction

The Firefox Password Manager is integrated into every Firefox Sync account and, once activated, will synchronize and secure your passwords across every Firefox browser you have signed into your account.

This is essentially Firefox’s own take on Google’s Password Manager which is integrated into the Chrome web browser. But with a user-defined, zero-knowledge primary password and consistently rolled-out versions, Firefox Password Manager is a far more solid proposition than Google’s Password Manager.

However, it’s still seriously lacking in features compared to bespoke password managers such as LastPass and Bitwarden. As a result, it’s far from being one of the best password manager options currently available.

Pricing

Like a Firefox Sync account, which it requires, Firefox Password Manager is completely free.

Features

  • Baked into the Firefox web browser
  • Requires different primary password for each device
  • Mobile users can use biometrics to unlock browser

Firefox Password Manager isn’t fully set up by default when you first create a Firefox Sync account, even if you enable password syncing. That’s not to say there’s no security. Your passwords are encrypted before being synced, subject to the usual HTTPS-grade TLS encryption when in transit, and still encrypted when stored online and on your hard drive, using a unique key based on your Firefox account password.

However, anyone with physical access to your browser can simply view your passwords in Firefox’s password page unless you specifically enable the Use a Primarly Password feature under Firefox’s Logins and Passwords setting. This is a poor default choice. It’s obviously been made for the benefit of Sync users who don’t want to deal with entering an extra password every time they open their browser, but in pure security terms, I’d like to see Firefox either oblige primary password use for any account that stores passwords in the browser or specifically prompt users to make their own decision about this setting as soon as a password is stored.

However, actually having the ability to set a primary password is something that Firefox does much better than rival Chrome. In Firefox’s main settings, you can tick a box to enable a primary password, and this will then be required every time you view your passwords on any synced version of Firefox, and every time you restart the browser to avoid autofill abuse by someone with access to your browser.

Firefox password management interface

Unfortunately, unlike every other password manager I’ve tested, Firefox requires a different primary password for each device, which removes much convenience and means that you have to manually secure every computer you have Firefox installed and your passwords synced on.

Mobile users can use biometrics to unlock their browser, and a breach monitoring service is also available for stored credentials. You can enable two-factor authentication, requiring a TOTP (Time-Based One Time Password) or single-use recovery code as well as your password to connect.

You can reset your primary password if you forget it, but as you’d expect from a zero-knowledge system, this will erase all stored passwords. You can set up a recovery key, though, plus there’s even a secondary email address takeover option if you lose access to your primarily email address.

Firefox Password Manager lacks any kind of quality-of-life features, from password history to secure sharing. It’s better than nothing, and it’s better than Chrome’s current offering to most users. For a person who doesn’t want to juggle multiple applications but still understands the need for password management, Firefox is an acceptable option; but LastPass’s extension-based model is better.

Latest deals

Should you buy it?

If you’re looking for convenience

Activating Firefox Password Manager makes some sense if you do everything in the browser and want to keep that safe, and if using multiple apps doesn’t work for you.

If you require sophisticated and customisable security

There are very few features here. Instead, use a different, dedicated password manager; LastPass or Bitwarden are great choices.

Final Thoughts

Firefox Password Manager is actually useful if you need to run a bare minimum of apps – whether to avoid complexity, save system resources or because you’re in a locked-down environment.

But if you’re looking for a password manager with an adundance of features, then you should use a dedicated password manger instead. Check out our Best Password Manager guide for more options.

Trusted Score
rating-star rating-star rating-star rating-star rating-star

Sign up for the Trusted Reviews Newsletter

How we test

We test each password manager ourselves on a variety of computer and mobile operating systems. We carry out comparative feature analysis against industry standards and rival products.

We used for at least a week.

Tested all of the available features.

FAQs

Where is password manager in Firefox?

Click on the hamburger settings menu in the browser, and then click on ‘Passwords’.

Does Firefox have a built in password manager?

Yes it does, although it doesn’t have as many features as a dedicated password manager.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.

Trusted Reviews Logo

Sign up to our newsletter

Get the best of Trusted Reviews delivered right to your inbox.

This is a test error message with some extra words