Recently, the folks at Mozilla have announced a change that’s coming soon. Depending on who you are, the newly announced feature can be seen as a very good, or a very bad thing.
Firefox 79, the Nightly build, allows users to export saved credentials as plain text into a CSV file.
On the surface of it, that’s very good news. That’s because if you use multiple devices and want to create a way to manage your passwords across them and across multiple platforms, having a handy text-based file is a good option that adds both value and convenience.
It is not without risk, however. Consider what could easily happen if someone compromises your machine. It would be a trivial matter for them to convert all of your stored passwords to plain text, then exfiltrate the CSV and gain access to everything you touch. That’s grim.
To at least partially counter this, the Firefox development team has built in a requirement that users must enter their Windows password before the export process completes. Apple and Android users are out of luck on this front.
On balance, this feels like a move in the wrong direction. While it’s certainly true that the new feature offers some advantages, it seems that the risks far outweigh those. If you use Firefox, this might be a reason to consider migrating to a different browser, especially if you use an OS other than Windows 10.