Darwin's Theories Blog

New Theories for a New Time

Removing embarassments from Firefox's remembered username form field

2011-08-31
Skip this if you are a 100% perfect typist
Suppose that you use Firefox a lot, and, being reasonably security-conscious, you don't let it store your passwords, only the usernames and other form fields. So far, so good. Suppose one day you're in a bit of a hurry and you touch-type the name, hit tab, and type the password, and press enter. But you miss the tab key, and hit caps lock instead (on "modern" keyboards, caps lock is where the CTRL key belongs, but that's a lost battle). Unsurprisingly, the login fails.

Surprisingly, Firefox now remembers your password!  As soon as you type the first letter or two of your login, it will now pop up two choices, say, 'iandarwin' and 'iandarwinSECRET42' (where the password is in upper case if you hit caps lock, or 'iandarwinqsecret42' if you hit the 'q' key, and so on. Presto! The person with good eyesight in the next office, or with a telescope in that apartment building across the road, or both, now know your password!

Fortunately, fixing it is pretty easy, if slightly version-dependant. This works exactly on Firefox 5 on *NIX; for Windoze or Mac the directory location will be different but the process the same. For versions other than 5 there may be other variations or it may not work at all.

First, figure out where Firefox keeps your files. On *Nix there is a directory ~/.mozilla/firefox/XYZ.default (where XYZ is some random string). On Mac OS X where you are required to "think different" - what I call difference for its own sake, a.k.a. gratuitous incompatibility - the FireFox people had to use ~/Library/Application Support/Firefox/Profiles/XYZ.default/. If there is more than one of these .default directories you will have to figure out which one is for you. I magically changed mine to "ian.default" some time ago, so that's what I'll use in the example.

In this directory is a file called "formhistory.sqlite". Extra points if you can guess that this is an SQLite database. See https://www.sqlite.org/ for details on what this is, or read it on WikiPedia.

You need to have the 'sqlite3' database installed; see your *Nix package manager for how to install.

In a terminal or 'cmd' window, invoke the database front-end with the path to your formhistory database:

sqlite3 ./ian.default/formhistory.sqlite

sqlite> .tables

moz_history

sqlite> .schema moz_formhistory

# shows how to recreate this table, e.g., lets you see the column names.

# now find the offending entry, it had 42 near the end of the password

sqlite> select id, value from moz_formhistory where value like '%42%';

1234|ianSECRET42

# select the one you want to delete, and use its id in the delete command.

sqlite> delete from moz_formhistory where id = 1234;

# If you are extra crazybrave, you can combine the find, inspect and delete

sqlite>delete from moz_formhistory where value like '%42%'; # DANGER

Don't blame me if you use the crazybrave one and Firefox stops working or your computer catches on fire or anything goes wrong. In fact, don't blame me at all, it's free advice. Use with caution. Make backups first. You know all that stuff.
Tags
firefox