Mozilla Rolls Out Recovery Key Option For Firefox Accounts

Mozilla announced today a new recovery option for Firefox Accounts, the user system included inside the Firefox browser. ZDNet: Starting today, users can generate a one-time recover key that will be associated with their account, and which they can use to regain access to Firefox data if they ever forget their passwords. Firefox Accounts is included with all recent versions of the Firefox browser.

Most users are familiar with it because of Firefox Sync, the system that synchronizes Firefox data such as passwords, browsing history, open tabs, bookmarks, installed add-ons, and general browser options between multiple Firefox instances. But while Sync does the actual synchronization, Firefox Accounts is at the core of Sync and is the system that manages the identities of Firefox users. Sync works by taking a user's Firefox account password and encrypting the user's browser data on the local computer.

Synch?

[Zorro]

Why would I DO that?

Every device has a different identity.

Diffrent emails and different accounts for every resource.

That way one confiscated or stolen device can only compromise those accounts.

Then I can brick it remotely.

Re:Synch?

[ls671]

Indeed, indeed, I don't use sync.

Basically screw the cloud for my sensitive data!

More details:
I don't even use the save password feature and I read my emails in pine. So, I will never ever need a recovery key for firefox. I have a proper backup strategy for everything including firefox configs and bookmarks. Backups are made on an encrypted partition on a remote data center on a server which I control fully and which nobody else can access since I wiped the disks and installed my own OS and I check for reboots and physical tampering with the intrusion sensor which tells you in the case is ever opened.

Also the remote backup server logs to a computer in my house in real time through a vpn to make sure I have a log copy what ever happens
example from syslog.conf:
authpriv.* -/var/log/secure
authpriv.* @10.256.222.53 // this is my home server

So the remote backup server logs locally on its disk and to my home server in real time.

sensors output example, see "intrusion" on last line

2,17,32,47 /usr/bin/sensors | /usr/bin/logger
Adapter: ISA adapter
Core 0: 48.0C (high = 82.0C, crit = 100.0C)
Core 1: 50.0C (high = 82.0C, crit = 100.0C)
Core 2: 48.0C (high = 82.0C, crit = 100.0C)
Core 3: 47.0C (high = 82.0C, crit = 100.0C)

w83627dhg-isa-0290
Adapter: ISA adapter
Vcore: 1.29 V (min = 0.92 V, max = 1.48 V)
in1: 0.76 V (min = 0.67 V, max = 0.83 V)
AVCC: 3.23V (min = 2.96 V, max = 3.63 V)
+3.3V: 3.23V (min = 3.46 V, max = 0.91 V)
in4: 1.84V (min = 1.36 V, max = 2.04 V)
in5: 1.26V (min = 1.13 V, max = 1.38 V)
in6: 1.45V (min = 1.42 V, max = 1.52 V)
3VSB: 3.23V (min = 2.96 V, max = 3.63 V)
Vbat: 3.23V (min = 2.96 V, max = 3.63 V)
fan1: 2909RPM (min = 712 RPM, div = 8)
fan2: 3375RPM (min = 712 RPM, div = 8)
fan3: 0RPM (min = 753 RPM, div = 128)
fan4: 0RPM (min = 753 RPM, div = 128)
fan5: 0RPM (min = 753 RPM, div = 128)
temp1: 50.0C (high = 75.0C, hyst = 70.0C) sensor = thermistor
temp2: 54.0C (high = 87.0C, hyst = 82.0C) sensor = CPU diode
temp3: 54.0C (high = 87.0C, hyst = 82.0C) sensor = CPU diode
intrusion0: OK

Re:Synch?

[_merlin]

You really shouldn't be using pine if you care about security. It's notorious for being coded in an insecure way, and it's going to be trivial to find exploits with basic data fuzzing. You're better off with mutt or something - pine is one of the packages you blacklist in environments where security matters.