Reconsidering primary/master password on Fenix

[devmet34]

Hello,

Primary/master password feature is a good one. It definitely gives extra security to users, actually it should be dafault on every mobile browsers considering there is only 1 step protection on mobile devices which is a pin/password or even a simple pattern or just swiping. Therefore, a second step security like primary password is a must. 2/3 step security are everywhere nowadays, so why not on a mobile browser where many users save/sync their important credentials.

In addition to functionality, chrome doesnt have this one yet so would be wise to have this feature.

[kbrosnan]

There are no plans to revisit that decision. Luiche's explanation covers our reasoning. There are already several strong layers of protection that the Android OS provides. Any sort of local primary password would need to be stored on the device.

• option 1 the primary password is stored in the keystore. This is already done for passwords and other important data. If the attacker has a way to bypass or extract data from the keystore then no added security was provided by a primary password as the attacker would have access to all the data needed to decrypt the primary password and the Fenix important data.
• option 2 the primary password is stored by Fenix. This would have the Fenix team write a custom bit of crypto code or use a library to store the primary password locally inside the Fenix data area. If an attacker had root, a flaw in the custom code or library, or access to the Fenix data store then they would have the information to break the primary password. However the important data would still be protected by the keystore method mentioned above.

Adding the complexity of a primary password would increase the engineering cost of interacting with the stored data for the team. As described above it would not significantly increase the security of the users stored data on the device.