change firefox's saved passwords [![firefox.png](/space/firefox.png)](http://getfirefox.com/) One of my favorite [Firefox](http://getfirefox.com/) features is [Saved Passwords](http://www.mozilla.org/support/firefox/options#privacy), which saves usernames and passwords for sites that require a login. Combined with the [Auto-Login](http://labs.beffa.org/greasemonkey/) user script, this easily saves me 20-30 minutes every day. When you change your password on a site, Firefox almost always notices and changes its saved password too. Unfortunately, Firefox can't be expected to grok single-sign-on services like [Passport](http://www.passport.com/) and most corporate intranets. If you change your single-sign-on password, you're stuck with the old saved password for every single-sign-on site you use. You could delete their saved passwords, but then you'd have to re-enter your new password for every site. Boo. When I hit this roadbump recently, I rolled up my sleeves and dove into the saved passwords file. Depending on the version of Firefox that created your profile, this will be `signons.txt`, `signons2.txt`, or `\[some_number\].s` in your Firefox [profile directory](http://www.mozilla.org/support/firefox/profile#locate). (Mine is `~/.mozilla/firefox/default.jre/56011215.s`.) The file should something like this: #2c . http://www.yahoo.com MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... * MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... . http://www.google.com userid MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... *pass MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... . http://www.microsoft.com email MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... *password MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... ... For each site, it stores the names of the username and password fields and your (obfuscated) actual username and password. The obfuscation isn't based solely on the value, since sites with identical usernames and passwords will have different obfuscated values. However, from what I can tell, the differences aren't based on the site's URL, the field names, or anything else that matters. They're pure [salt](http://en.wikipedia.org/wiki/Salt_(cryptography\)). So, you can replace any stored password with any another, and Firefox will de-obfuscate the replacement correctly. This makes changing saved passwords en masse fairly easy. First, log into a site with your new password, and check that Firefox saved it. Open the saved password file, copy the stored password for that site, and paste it over the stored password for each site you want to update. Restart Firefox, and you should breeze past login pages just like normal! If you have to do this often, it shouldn't be hard to whip up an awk or perl script to do it automatically. Even a simple Emacs regexp-replace would probably do the job. See also: * [emacs keybindings in firefox](/space/emacs keybindings in firefox) * [thinkpad keys in firefox](/space/thinkpad keys in firefox) * [stop mozilla plugin prompt](/space/stop mozilla plugin prompt) * [kodak picturecenter hacks](/space/kodak picturecenter hacks) * [view evites anonymously](/space/view evites anonymously)