Mozilla Firefox comes with a built-in Password Manager (now known as Saved Logins) to remember, store and autofill sign in user names and passwords on the websites with registered accounts in a database file under user profile directory. Firefox users can use a Master Password to secure and protect the saved passwords. However, if you have lost or forgotten the master password, you cannot access and view all the saved login credentials and secrets in the Firefox Saved Logins anymore.
You’ll be disappointed if you hoping possible it’s able to easily retrieve and recover back the master password by reading somewhere in the registry or database file. However, the master password that is set is not stored anywhere at all. Whenever user enters the master password, Firefox uses it to decrypt the encrypted data associated with the known string in plain text related to the master password. If the decrypted data matches this known string then the entered password is correct. Thus it’s impossible to recover the master password directly, and if you lost the master password, you lost the access to the database file – and directly – all the stored secrets and sign on information as well.
However, all hope is not lost. Security Xploded releases a password recovery tool named FireMaster to recover the Firefox master password. FireMaster is an open source software that able to recover the Firefox master password from the Firefox key database file by generating password on-the-fly using combination of various password guessing (cracking) techniques such as dictionary, hybrid and brute force method, utilizing the same password matching and verification algorithm used by Firefox itself described above, but in an optimized way. FireMaster calculates the hash of the generated password and uses the hash to decrypt the known encrypted string for the password, until it get one that matched the known string, which is the correct master password.
FireMaster is a command line utility. Which mean you need to type in commands in Command Prompt to run and execute FireMaster to recover Firefox Master Password. If you’re unfamiliar with command line, FireMasterCracker, the GUI version of FireMaster is also available, though it only supports dictionary crack method.
Firefox actually stores the security information about encrypted string, salt, algorithm and version information in key3.db file in the user’s profile directory. So to make recovery process easier, you can copy the key3.db file to more powerful high end computer for faster recovery operation or copy to the same folder as FireMaster to avoid typing the long Firefox user profile folder path.
FireMaster and FireMasterCracker are periodically updated to support new version of Firefox, and thus they work on most versions of Firefox and Windows operating systems.