One of my favorite Firefox features is Saved Passwords, which saves usernames and passwords for sites that require a login. Combined with the Auto-Login user script, this easily saves me 20-30 minutes every day.
When you change your password on a site, Firefox almost always notices and changes its saved password too. Unfortunately, Firefox can’t be expected to grok single-sign-on services like Passport and most corporate intranets. If you change your single-sign-on password, you’re stuck with the old saved password for every single-sign-on site you use. You could delete their saved passwords, but then you’d have to re-enter your new password for every site. Boo.
When I hit this roadbump recently, I rolled up my sleeves and dove into the
saved passwords file. Depending on the version of Firefox that created your
profile, this will be
your Firefox profile
directory. (Mine is
The file should something like this:
#2c . http://www.yahoo.com MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... * MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... . http://www.google.com userid MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... *pass MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... . http://www.microsoft.com email MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... *password MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC... ...
For each site, it stores the names of the username and password fields and your (obfuscated) actual username and password. The obfuscation isn’t based solely on the value, since sites with identical usernames and passwords will have different obfuscated values. However, from what I can tell, the differences aren’t based on the site’s URL, the field names, or anything else that matters. They’re pure salt. So, you can replace any stored password with any another, and Firefox will de-obfuscate the replacement correctly.
This makes changing saved passwords en masse fairly easy. First, log into a site with your new password, and check that Firefox saved it. Open the saved password file, copy the stored password for that site, and paste it over the stored password for each site you want to update. Restart Firefox, and you should breeze past login pages just like normal!
If you have to do this often, it shouldn’t be hard to whip up an awk or perl script to do it automatically. Even a simple Emacs regexp-replace would probably do the job.
31 thoughts on “change firefox’s saved passwords”
Awesome. This is exactly what I was looking for. Now I’ll try it out :)
I don’t believe this works if you have set the master password as it seems to then use a more complex form of encryption.
On the other hand… if you haven’t set it, then somebody can just use a base64 decode function on your username and password to decrypt them.
Google the best!
http://snarfed.org/ more good
http://www.minhasimagem.pop.com.br my site! :P
Firefox needs to come out with a way to save the passwords to a file so that everyone can grab them and save them when reformatting their computer.
This is what I needed. Good job!
If you’re looking for a way to export all your passwords check out the Password Exporter extension:
Awesome! Thank you for the tip (I never would guessed it)
time to bust out the ol’ brute force and crack these babies :P
Mark L: try the Foxmarks plugin, an excellent tool that does that saves passwords and bookmarks, also syncs them to your other machines.
Last night, I found out a project called firewebsso.com that seems to allow remote sync for passwds and bookmarks. But it is not yet under addons.mozilla.
Genius. Thanks loads! :D
i did not understand how to change the password after opening the file directory anyone who can decode this to a layman language?
https://addons.mozilla.org/en-US/firefox/addon/9652 – Mass Password Reset add-on for firefox. you can search by password and then replace all instances with a new one. Much easier.
Thank you for your effort
You could do that by going to edit>>preferences>>security>>passwords
Far easier to go to ‘Tools’, ‘Options’, ‘Security’, ‘Saved Passwords’, ‘Remove’ – this gives the option to remove one password (rather than ‘Remove All’). Then simply go to the site for the password you have just removed and type in your user name and new password and save with Firefox at the prompt.
I have just done this as for some reason Firefox had saved a user name with a capital as the first letter and it insisted on over-writing when I tried to enter it correctly. I have now changed it and re-saved and it works! Simples :o)
@Cathi, agreed! that’s definitely easier if you just have one password to change, or a handful, but not if you have dozens or hundreds. that’s when this helps.
Cathi, I did the same thing, BUT after removing the password saved for a certain site, Firefox no longer prompt for saving password, “remember password for sites” is checked, and no site listed in “exception”.
In fact, only the sites I never visited before pop up for saving password. Any sites that has been previously visited, won’t pop up for saving anymore.
Can anyone help?
David, I am having the same problem. Heard of a fix?
I want to save only the username without password. Does somebody know how to fix this? I tried to delete the passphrase but it didn’t work. tnks.
check this :
Firefox Password Recovery is a smart and powerful utility to recover passwords to web sites saved in Firefox Web Browser and Thunderbird. This tool can get the list of all usernames and passwords saved in Firefox Web Browser with only one button click!
In addition, this program also allows you to reset Firefox Master password.
Mohsen’s link worked and works perfectly for me. Thanks Mohsen.:)
solution is at
~MAKE SURE IT’S NOT ON THE LIST OF EXEMPTIONS
Tools-Clear recent history – check “site preference”,
then “clear now”
when you go back to login, firefox will prompt up a msg asking whether you wanna remember the password, after you click “remember”, it will store your password again
Mohsen ‘s worked so easy!!!
Why can’t a simple item in/on the tool par give you access to the straight forward access to all saved passwords/for each website you choose to save. Whoops! …accessed by your logon password, or some similar approach. 72 now and things aren’t getting easier, memory getting worse and all help is appreciated. So, while I am at it, give us the ability to have all files encrypted to a very high level, or, at least give us the option to select this. Also, make it so the government stuff on the computer is removed/corrupted or just plain made ineffective.
Also, Don’t save searches on the cloud!