]> snarfed.org draw group stream of consciousness Ryan Barrett <snarfed at ryanb dot org> en text/html Copyright 2002-2007 Ryan Barrett change firefox's saved passwords Ryan Barrett <snarfed at ryanb dot org> 2003-01-01T05:00:00Z en text/html Copyright 2002-2007 Ryan Barrett

One of my favorite Firefox features is Saved Passwords, which saves usernames and passwords for sites that require a login. Combined with the Auto-Login user script, this easily saves me 20-30 minutes every day.

When you change your password on a site, Firefox almost always notices and changes its saved password too. Unfortunately, Firefox can't be expected to grok single-sign-on services like Passport and most corporate intranets. If you change your single-sign-on password, you're stuck with the old saved password for every single-sign-on site you use. You could delete their saved passwords, but then you'd have to re-enter your new password for every site. Boo.

When I hit this roadbump recently, I rolled up my sleeves and dove into the saved passwords file. Depending on the version of Firefox that created your profile, this will be signons.txt, signons2.txt, or [some_number].s in your Firefox profile directory. (Mine is ~/.mozilla/firefox/default.jre/56011215.s.)

The file should something like this:

#2c
.
http://www.yahoo.com

MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC...
*
MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC...
.
http://www.google.com
userid
MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC...
*pass
MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC...
.
http://www.microsoft.com
email
MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC...
*password
MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC...
...

For each site, it stores the names of the username and password fields and your (obfuscated) actual username and password. The obfuscation isn't based solely on the value, since sites with identical usernames and passwords will have different obfuscated values. However, from what I can tell, the differences aren't based on the site's URL, the field names, or anything else that matters. They're pure salt. So, you can replace any stored password with any another, and Firefox will de-obfuscate the replacement correctly.

This makes changing saved passwords en masse fairly easy. First, log into a site with your new password, and check that Firefox saved it. Open the saved password file, copy the stored password for that site, and paste it over the stored password for each site you want to update. Restart Firefox, and you should breeze past login pages just like normal!

If you have to do this often, it shouldn't be hard to whip up an awk or perl script to do it automatically. Even a simple Emacs regexp-replace would probably do the job.

See also:

http://snarfed.org/ change firefox's saved passwords-1 intelliot cmt_pubDate text/html Awesome. This is exactly what I was looking for. Now I'll try it out :) http://snarfed.org/ change firefox's saved passwords-2 Guest cmt_pubDate text/html I don't believe this works if you have set the master password as it seems to then use a more complex form of encryption.

On the other hand… if you haven't set it, then somebody can just use a base64 decode function on your username and password to decrypt them.

- Gerry http://snarfed.org/ change firefox's saved passwords-3 petroleo cmt_pubDate text/html Google the best! http://snarfed.org/ more good www.minhasimagem.pop.com.br my site! :P Tranks!! http://snarfed.org/ change firefox's saved passwords Mark L cmt_pubDate text/html Firefox needs to come out with a way to save the passwords to a file so that everyone can grab them and save them when reformatting their computer.
Sincerely,
Mark
http://snarfed.org/ change firefox's saved passwords skylie cmt_pubDate text/html This is what I needed. Good job! http://snarfed.org/ change firefox's saved passwords cwd cmt_pubDate text/html If you're looking for a way to export all your passwords check out the Password Exporter extension:

https://addons.mozilla.org/en-US/firefox/addon/2848 http://snarfed.org/ change firefox's saved passwords Firefox seguro cmt_pubDate text/html Awesome! Thank you for the tip (I never would guessed it)