Free and Safe PC Security
20.9.05
  Firefox - How to create and use a secure Firefox profile

Firefox has the very useful feature of storing a history of sites you have visited. Some of your favorite sites may present risks to you if the information that Firefox saved should become available to an identity thief. Sites such as online shopping, web email, banking, etc. would be just as easy for a thief to use in impersonating you as they are for you to use.

There are two options discussed here: the Firefox Master Password, and the TrueCrypt encrypted Firefox profile.

The first and easiest option to use, Firefox’s Master Password, requires nothing more than for you to enable it and set it. The Master Password option, when set, will permit the Firefox profile to run normally until you encounter a web page password field. When this happens you will be prompted to enter the Master Password before you can proceed. Using the Master Password is probably the best option if all you need to do is protect your Firefox passwords. The Master Password will not, in itself, conceal your Firefox history, cache, or cookies.

The simple steps for enabling the Firefox Master Password, and detailed information about this feature, are found at this link: http://kb.mozillazine.org/Master_password.

The TrueCrypt encrypted Firefox profile is the “CYA” option that will very safely encrypt every aspect of your Firefox profile. This includes your web page passwords and the entire history, cache, and cookie contents of the protected profile. You can use both options simultaneously without problem.

The following steps will create a safe and encrypted Firefox profile that can only be used by you with your TrueCrypt password.

To begin, you must have completed the installation of your TrueCrypt “P” drive per the earlier instructions. The drive must be mounted and accessible before you continue below.

Firefox must not be running as you continue below.


Set up a secure Firefox profile

The first thing we are going to do is create a new Firefox shortcut (icon) that will activate the hidden Firefox Profile feature. It is assumed here that you will work with shortcuts on your desktop, but the procedure can be adapted to wherever you prefer to keep your Firefox shortcuts.

1 – Right click, and hold down the button, on your Firefox icon
      Drag to the right just a bit and release     

2 – Click Copy Here and a new shortcut will appear

3 – Right click the new shortcut, then rename it to Firefox Profiles

4 – Right click the newest shortcut Firefox Profiles

5 – Click Properties

6 – Add a /p to the end of the Target info already populated

7 – Click OK

8 – Double click the newly modified Firefox Profiles shortcut

9 – Click Create Profile

10 – Click Next

11 – Enter new profile name: SecureProfile

12 – Click Choose Folder. . .

13 – Browse to drive P:
        Use Make New Folder to make a folder Firefox
        Use Make New Folder to make a sub-folder SecureProfile

14 – Click to highlight SecureProfile, then click OK

15 – Click Finish

16 – Click to highlight SecureProfile, then click Start Firefox

Firefox will now open with a brand new profile. All your work will now be managed in the new secure profile.

Your old, unsecured Firefox profile is still available by choosing the default profile. To assure security in the old profile, start Firefox with the unsecure default profile and use the Firefox tools to clear all the cache locations. For an unknown reason, if you delete the old, unsecure profile, the new secure profile stops working, so it is better to leave it in place with all its cache cleared.

It may be confusing which Firefox profile you are actually using. It is suggested you change or remove the home page on your old, unsecured profile (should you choose to keep it) to indicate the difference as Firefox starts up.

If you leave the Don’t ask at startup option checked, then your old Firefox shortcuts will open the highlighted profile. You will need to know this if your old shortcut icons are opening the wrong profile.

If you un-check the Don’t ask at startup option, then Firefox will offer you a choice of profiles.

The Firefox Profile manager will only open when Firefox is not running.

If you have more than one Windows user, then each user will need to secure their own Firefox profiles per these instructions.

A large Firefox cache can quickly fill your TrueCrypt secured private P: drive. It is recommended you reduce the size of the Firefox cache to prevent this. A smaller cache uses less disk space and is normally unnoticeable to the user.


Copying your old Firefox bookmarks or profile to the secure location

A new, secure Firefox profile gives you a clean slate as you use it. All your user IDs and other form datafill previously recalled by Firefox will need to be re-entered when first needed. If you want to copy your old profile to your secured area, then for reasons yet unknown you must create a new profile as above, test it for usability, then copy your old profile contents into the secure profile.

To copy your old Firefox bookmarks only to your secured Firefox profile

1 – Start Firefox with your old, unsecured Firefox profile

2 – Click Bookmarks, then Manage Bookmarks

3 – Click File, then Export. . .

4 – Click the Desktop icon, then click Save

5 – Close Firefox

6 – Start Firefox with your new, secured Firefox profile

7 – Click Bookmarks, then Manage Bookmarks

8 – Click File, then Import. . .

9 – Click From File, then click Next >

10 – Click the Desktop icon, then click to highlight the previously saved bookmarks file

11 – Click Open and you are done

To copy your old Firefox complete profile to your secured Firefox profile

(This process is trickier and sometimes problematic, and so should only be done with care that it can be undone. Only an outline of what must be done is recorded here. There are no step by step instructions.)

You can only work with closed files, so close Firefox.

Locate both your old and new Firefox profiles.

Make copies of both entire profile folders in case you need to revert to your old profiles. Your old profile is normally found in this path:
C:\Documents and Settings\[YourWindowsID]\Application Data\Mozilla\Firefox\Profiles\[random].default

Delete the complete contents of the secure profile folder and replace them with the complete contents of the unsecured profile folder.

Start Firefox with the secure profile and it should now appear to contain all the history and bookmarks of the old, unsecured profile.

For reasons that are unknown, this seemingly simple trade of profile contents is troublesome and does not always work as desired. If you have trouble, restore the profiles from the copies you made earlier. To assure security in the old profile, start Firefox with the unsecure default profile and use the Firefox tools to clear all the cache locations. For an unknown reason, if you delete the old, unsecure profile, the new secure profile stops working, so it is better to leave it in place with all its cache cleared.
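The outline above as a PowerShell script, added here as an example and not part of the original post. The `.bak` backup folder names are hypothetical, and the backup of the secure profile is kept on P: so that no copy of it lands outside the TrueCrypt volume.

```powershell
# Added example: copy the old profile into the TrueCrypt-backed profile, with backups.
param(
    # Your own [random].default folder under ...\Mozilla\Firefox\Profiles
    [Parameter(Mandatory)] [string] $OldProfile,
    # Folder created in the article's steps
    [string] $SecureProfile = 'P:\Firefox\SecureProfile',
    # Hypothetical backup location; deliberately on the encrypted drive
    [string] $SecureBackup  = 'P:\Firefox\SecureProfile.bak'
)
$ErrorActionPreference = 'Stop'

# Profile files must be closed before they are copied.
if (Get-Process -Name firefox -ErrorAction SilentlyContinue) {
    throw 'Firefox is running. Close it and run this script again.'
}

# Both folders must exist. If P: is not mounted, stop here rather than
# create a plain, unencrypted folder somewhere else.
foreach ($p in $OldProfile, $SecureProfile) {
    if (-not (Test-Path -LiteralPath $p -PathType Container)) {
        throw "Folder not found: $p"
    }
}

# Back up the old profile next to itself (it is already unencrypted there).
$oldBackup = "$OldProfile.bak"
if (Test-Path -LiteralPath $oldBackup) { throw "Backup already exists: $oldBackup" }
Copy-Item -LiteralPath $OldProfile -Destination $oldBackup -Recurse

# Back up the secure profile inside the encrypted volume.
if (Test-Path -LiteralPath $SecureBackup) { throw "Backup already exists: $SecureBackup" }
Copy-Item -LiteralPath $SecureProfile -Destination $SecureBackup -Recurse

# Replace the contents of the secure profile with the contents of the old one.
Get-ChildItem -LiteralPath $SecureProfile -Force | Remove-Item -Recurse -Force
Get-ChildItem -LiteralPath $OldProfile -Force |
    Copy-Item -Destination $SecureProfile -Recurse -Force

Write-Output "Copied $OldProfile into $SecureProfile."
Write-Output "To undo, restore $SecureProfile from $SecureBackup."
```

Once the secure profile is confirmed working, delete the `.bak` copy of the old profile along with clearing the old profile's cache, since it holds the same unencrypted data.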

 
Comments:
Great tutorial. It does seem like you remove the old profile without it stopping your new secure profile from working in version 1.5.0.1.
 
Nice, clear writing for novices.

An important point to keep in mind, however, is that Firefox makes use of the operating system's temporary folder. Thus data that will reveal your browsing history could remain on your hard drive, although deleted from the system directory.

The solution apparently is to set the TMP and TEMP environment variables, presumably to a location within the TrueCrypt container.

See this page from the Mozillazine Knowledge Base:
http://kb.mozillazine.org/Protecting_the_contents_of_the_profile_-_browser
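The TMP/TEMP redirection suggested in the comment above, combined with the article's P:\Firefox\SecureProfile folder, as an added example that is not part of the original post or its comments. The Firefox install path and the P:\Firefox\Temp folder are assumptions.

```powershell
# Added example: start Firefox on the encrypted profile with TEMP/TMP redirected.
$Firefox       = 'C:\Program Files\Mozilla Firefox\firefox.exe'  # assumed install path
$SecureProfile = 'P:\Firefox\SecureProfile'                      # folder created in the article
$SecureTemp    = 'P:\Firefox\Temp'                               # hypothetical temp folder on P:
$ErrorActionPreference = 'Stop'

# Refuse to start if the TrueCrypt volume is not mounted: without it the
# profile folder is missing and nothing should be written elsewhere.
if (-not (Test-Path -LiteralPath $SecureProfile -PathType Container)) {
    throw "Secure profile not found at $SecureProfile. Mount the P: drive first."
}
if (-not (Test-Path -LiteralPath $Firefox -PathType Leaf)) {
    throw "Firefox not found at $Firefox."
}

# An already running Firefox would handle the request itself, using the
# profile and temp folder it was started with.
if (Get-Process -Name firefox -ErrorAction SilentlyContinue) {
    throw 'Firefox is already running. Close it first.'
}

# Create the temp folder inside the encrypted volume if it does not exist yet.
New-Item -ItemType Directory -Path $SecureTemp -Force | Out-Null

# Change TEMP/TMP for this PowerShell process only. Programs started from
# it inherit the values; the rest of the system is unaffected.
$env:TEMP = $SecureTemp
$env:TMP  = $SecureTemp

# -profile takes the path of the profile folder to use.
& $Firefox -profile $SecureProfile
```

Because the variables are set only in the launching process, Firefox started from any other shortcut still uses the system temporary folder.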
 
Thanks for these great tips you have said about Firefox security; this is amazing.
 
I might have an easier solution to offer for consideration when it comes to protecting Firefox profile. I've been using Rohos Mini Drive and its feature Hide folder, that lets you password protect any application folder from C:\Program Files.
 
This is great and I use it every day now to connect to Firefox - my question is... does this hide your IP from websites/monitoring etc?
 
Hmmm great article. how to unlock password on computer
 