Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

After logging into Firefox account on brand new device, SimpleLogin extension automatically logs in too #121

Open
Asheq opened this issue Feb 12, 2022 · 2 comments · May be fixed by #122
Open

Comments

@Asheq
Copy link

Asheq commented Feb 12, 2022

I noticed that if I login to my Firefox account on a brand new device (or brand new Firefox profile), the SimpleLogin extension automatically logs in to SimpleLogin too.

I understand this is convenient, but I wonder if it is a security risk?

If someone manages to compromise my Firefox account, then they also automatically get access to SimpleLogin via the extension.

FWIW, other extensions don't do this (e.g., Bitwarden); they are logged out and explicitly require logging in before granting access.

@FozzieHi
Copy link

FozzieHi commented Feb 12, 2022

I agree, I think that API keys should be saved in local storage. I think this is currently happening because all settings are saved in sync storage. It should be fairly simple to move just the API values to local storage, but this may require users to re-input their API keys. What do you think about this @nguyenkims?

@nguyenkims
Copy link
Contributor

@FozzieHi that's indeed the cause :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants