by firefox-lockbox 2897 days ago
Firefox Lockbox architect here. Thank you for the feedback. Your comment is fair; we can, and will, do better on the details. The language we have today is the balance marketing, security reviewers, and engineering could reach for the masses to feel informed without being overwhelmed and confused.

As you found, Firefox Accounts derives the encryption key from your username and password on the client-side; the server is never aware of your password. That encryption key protects your data on your device using AES-256-GCM, and is stored in its security enclave behind Touch ID or Face ID wherever possible.

1 comments

>The language we have today is the balance marketing, security reviewers, and engineering could reach for the masses to feel informed without being overwhelmed and confused.

It would be fantastic to have a 'more details' page, where the nitty-gritty is detailed for those who care.

Thanks for this, and wanting to know more! We're working on expanding our docs to add this.

Maybe also compare this service with other cloud password managers. It's not easy to understand the pros and cons of each of them. Is this a better service than existing managers and if so, in what way?