Firefox’s master password does not protect the web accounts

firefoxpasswordsSecurity

I've set up a master password in Firefox 3.6 but it's not working as I expected. I always save my passwords within Firefox for frequently visited sites like Facebook, Yahoo! mail, Gmail, Twitter etc. and this way I don't have to type in my password every time I open that site. When I open Firefox, it asks for the master password but when I click Cancel, it opens normally, and lets me directly in my Facebook page, or Yahoo! Mail page. Why doesn't it protect my accounts? This way, anyone using my computer can see my accounts and it's totally pointless for me to use this master password. How can I protect my accounts with saved passwords in Firefox?

Best Answer

From the mozilla firefox knowledgebase:

A master password will not prevent others from reading locally stored e-mails, reading your browsing history, or from accessing sites the browser is already logged in to.

You probably clicked "remember me" or some similar option on said websites. Cookies are not protected by the master password. That is why you are still logged in automatically on those websites. Firefox doesn't log you in, the website does.

How to fix this?

Log out on every website (always do this!), and never click "remember me" again. Just let firefox autocomplete the username/password field. You are now protected by the master password in Firefox.