[senectus1]

ouch. unexpected lesson to be learned here...

Don't use browser password saving. I presume a third party app like bitwarden would have been better. though if the browser auto syncs and installs the extension your risk is a little higher.

[iamevn]

I was already almost entirely migrated to keepassxc but had kept using the browser feature out of habit. Quickly disabled that and had a really fun few days changing absolutely everything's password.

[brokenmachine]

How did you know that your passwords were stolen?

[iamevn]

found a CSV file containing my passwords in the sandboxed appdata

[schmorptron]

Oh? I always assumed the Firefox feature would be fine with a master password and 2fa set up , but is a third party manager really a substantial upgrade security wise?