Tutorial Thursday

Two files are needed from your Firefox profile in order for someone to easily retrieve your passwords: key3.db and signons.txt. If someone has those two files they will be able to decrypt all of your passwords and view them without any hassle.

To help get around this (and hopefully deter the theft of my passwords) I decided to alter the name of my signons.txt file so that it isn’t named what someone would expect it to be:

  1. If you want your existing list of usernames/passwords transferred over to the new filename you first need to locate your profile folder which is located inside of the following folders:

    Windows 2000, XP:
    Documents and Settings\<UserName>\Application Data\Mozilla\Firefox

    Windows NT:
    WINNT\Profiles\<UserName>\Application Data\Mozilla\Firefox

    Windows 98, ME:
    Windows\Application Data\Mozilla\Firefox

    Mac OS X:
    ~/Library/Application Support/Firefox

    Linux and Unix systems:

  2. Once you have navigated to your profile folder locate the file named signons.txt and rename it to something else. I renamed mine to bookmarksbak.txt to make it look like a backup of my bookmarks.
    Firefox Passwords

  3. Run Firefox and type about:config into the address bar.

  4. Find the value named signon.SignonFileName and double-click on it to change the value.
    Firefox Passwords

  5. Change the name to whatever value you renamed signons.txt to in Step 2. I changed mine to bookmarksbak.txt. Press OK when you are done.
    Firefox Password

  6. Restart Firefox and you will now be using your new password file.

I understand that this is by no means a big security measure but if I let someone use my computer real quick I don’t want them to grab those two files. Someone could easily still figure it out by looking at my configuration file for Firefox but that would take some additional time. I guess this gives me a little more peace of mind. ;)