Last Updated on
For years we’ve been told we shouldn’t save passwords in the browser. It’s not as safe as a dedicated password manager, the security wonks would tell us. But you’re human and you’re fallible, you leave a spare key under the flower pot. What harm could it really do?
Now, Firefox Lockwise is the best/worst* of both worlds (*delete depending on your point of view). It’s the new default password manager in the Firefox browser, but it’s also a dedicated password manager app for Android and iOS, letting you use your saved passwords in other apps and browsers. Does it work? As this in-depth Firefox Lockwise review will explain, yes, but far from perfectly.
Firefox Lockwise on the desktop
Firefox is most commonly used on the desktop – it has virtually no mobile market share to speak of. So let’s explore how it works here first.
If you use Firefox on the desktop, you may have noticed that if you venture into the settings for your saved passwords, it’s now got the Firefox Lockwise branding.
Lockwise has a few new features that weren’t available in the old Firefox password manager. The best of these is the breached website alert. Thanks to Mozilla’s partnership with Have I Been Pwned, Lockwise can now check if your login details have been compromised in the breach of a major website, such as the recent attacks on Adobe, LinkedIn, 500px and others. If it has, you’ll get warning flags when you visit the site and in the password manager itself, urging you to change your password, which is a clever touch.
For instance, Firefox flags that my credentials were breached in the 500px attack, so naturally I want to change my password. Here’s where things start to crumble.
I navigate to the security settings section of 500px and hit the change password button, but here I’m left to drum up my own password.
Lockwise is capable of generating strong, random passwords. When I visited the Engadget website, for instance, and tried to sign up for a new account, it generated a strong password for me when I clicked into the password field.
(Don’t bother trying to use that password, it’s been changed.)
But that same option doesn’t appear when I attempt to change the 500px password. Nor when I attempt to change my saved password at ITV.com or any other site I tested. Neither is there an option to randomly generate a password that you find in many of the password manager browser plugins.
In other words, Lockwise is only doing half the job. It’s warning you when passwords are breached and not secure, but not helping you to create a strong, secure password to replace it.
Firefox Lockwise on iOS
Still, even if you have to use a strong password generator when changing your passwords, the Lockwise app should let you access those same strong passwords on your mobile devices, meaning you don’t have to rely on less safe, memorable passwords. At least that’s the theory. On iOS, it’s hit and miss.
If you download the mobile version of the Firefox browser, you can sync your logins and other settings in the browser and everything seems to work pretty smoothly.
But what if you want to continue with Safari or Google Chrome, or need to access passwords in apps? Well, that’s what the dedicated Firefox Lockwise app is designed to cater for, except it has shortcomings.
You can tell the Lockwise app which browser you prefer to use and it should offer to autocomplete logins and passwords when you visit sites with saved credentials. But when I used Safari to visit a site with a saved password, Lockwise locked up.
It recognised I had credentials saved for the site, but when I pressed the blue “Use” button at the bottom of the screen, nothing happened. No passwords were filled, no crumpets were buttered.
The same happened within an iPad app that demanded login details. It recognised Lockwise had the credentials saved but wouldn’t give them up. This is the safest password manager in the world, because it won’t give up your passwords, even when you want it to!
The experience proved a little smoother with the Chrome browser, but not much. When I visited a site with saved credentials, there were no Safari-like prompts telling me it had details saved for this site. Instead, I had to manually press the Passwords button on the keyboard, and then manually search the Lockwise pop-up for the site in question. Only then did it populate the fields ‘automatically’.
The other option is to open the Lockwise app when you visit a site or use an app and copy and paste the credentials, but that has the whiff of buying a Jack Russell and barking yourself.
As far as iOS is concerned, Lockwise can at the very best be described as a work in progress. As I said at the top, it’s fine if you’re using the Firefox browser, but otherwise it’s laborious with a capital L.
Firefox Lockwise on Android
Sorry, it’s no better. You might reasonably wonder whether some of Lockwise’s problems on iOS are down to Apple’s Appleness, its general reluctance to let apps interfere with other apps. Not so.
If anything, Lockwise is worse on Android than it is on iOS. I couldn’t find any way to get passwords to autofill in the Chrome browser, for instance. Chrome only wanted to access its own password manager and nothing else.
It’s fine if you install Firefox, log in and have everything synced, but then there’s not much point in Lockwise as a standalone app at all. It’s all very baffling.
Firefox Lockwise review verdict
Lockwise is frustrating. There’s the kernel of something good here. A proper password manager that’s integrated within a browser makes perfect sense.
But this isn’t a proper password manager. It has too many basic failings, making it too difficult to go about the web unhindered.
This is a fledgling product and I’m willing to cut Mozilla more slack than most, because it’s one of the good guys. But Lockwise needs to improve quickly if it’s to persuade me to perservere or turn my back on dedicated password managers, which work much more smoothly than this.
NOW READ THIS: Why is Firefox running slowly?