May 28, 2013, 2:39 PM — Over the years, many have touted Mozilla's Firefox as one of the most secure Web browsers. But as with other browsers, the security level offered depends on the settings. Some security features need to be manually enabled. Those turned on by default should still be double-checked.
Follow these five steps to lock down Firefox. Start with the essentials in the browser's own settings, then choose some useful add-ons. Finally, keep track of your plug-ins so you can patch the inevitable security holes.
Enable a master password
Like other browsers, Firefox by default allows anyone who accesses your computer to log in to sites where you've saved the password. And as with Google Chrome, a list of the saved usernames and passwords can be viewed via the Options menu of Firefox.
Fortunately, Firefox offers a master password feature that encrypts and password-protects the saved password list. When enabled, you must enter the master password the first time you use a saved password, once per browser session. Additionally, even though you enter the master password the first time, you must always enter it before you can view saved passwords via the Options menu. This is a great feature to help prevent casual snooping of your passwords. It even prevents most third-party utilities from recovering them.
To enable the master password feature, open the Firefox menu, select Options, select the Security tab, and then check the Use a master password option.
Use a strong password for syncing
Like Google Chrome, Firefox has a syncing feature to synchronize your bookmarks, passwords, and other browser data to Firefox browsers running on other computers and devices. Fortunately, Firefox encrypts all synced data, not just your saved passwords (as Google Chrome does). Additionally, Firefox has more security than what Chrome offers by default when you're setting up a new computer or device to sync. In Firefox, you must log in with your Firefox Sync password. Then you must either enter a random passcode from the new device into one that you've already set up, or take the recovery key from a device you've already set up and input that key into the new device.
So you don't have much to worry about with Firefox syncing--as long as you use a strong password, one with upper- and lowercase letters, numbers, and special characters. If someone knows or cracks the password, and has access to a device you've already set up with syncing, they can then set up other devices with syncing and access your passwords and other browser data.
To enable or change sync settings, open the Firefox menu, select Options, and select the Sync tab.
Verify that security options are enabled
Like other popular browsers, Firefox includes some basic security and privacy settings. Though most are enabled by default, you should ensure they haven't been disabled.
Start by opening the Firefox menu and selecting Options. In the Options window, select the Security tab. Ensure that the first option, Warn me when sites try to install add-ons, is enabled to help prevent sites from automatically installing add-ons, as some can be dangerous. Then ensure that the next two options, Block reported attack sites and Block reported web forgeries, are also checked to help enable protection against malware and phishing.
Next, select the Privacy tab. And if you want more privacy online, select the first option, Tell websites I do not want to be tracked, which isn't enabled by default. Although it can't prevent all tracking, it will reduce tracking by those sites that support this type of option.
Now, select the Content tab. To prevent pop-up windows that can be annoying and even contain phishing ads, ensure that the first option is enabled: Block pop-up windows.
Lastly, select the Advanced tab, select the Update subtab, and ensure that Automatically install updates is selected.
Use add-ons for more protection
Consider installing these security-related add-ons for extra protection:
Adblock Plus blocks banners, pop-ups, and video advertisements on websites to reduce clutter and the resulting annoyance; they can even reduce accidentally stumbling upon adware, malware, and phishing attacks.
Web of Trust (WOT) shows the user ratings of sites and blocks dangerous sites--such as those with malware--to increase safe surfing, shopping, and searching on the Web.
HTTPS Finder automatically detects and enforces HTTPS/SSL-encrypted connections when available--great in helping to reduce the chances of an eavesdropper on a Wi-Fi network from capturing your login details.
Xpnd.it! short URL expander allows you to hover over shortened links to see the real URL and other basic information about the site so you know where it leads before clicking.
Check and update plug-ins
Cyber criminals regularly use vulnerabilities in popular browser plug-ins (like Java and Adobe products) to infect and invade computers. Most plug-ins regularly release updates to patch security holes. Many plug-ins are set by default to update automatically or at least to notify you of them. However, it's a good idea to check periodically for updates. Consider using the Mozilla plug-in checker or third-party sites like Qualys BrowserCheck for updates for other browsers.
A little vigilance goes a long way
Firefox is pretty secure on its own, but you can make it even more secure with the right settings and add-ons. Good password management remains essential, too: Create and enable a strong master password so others can't use or view your passwords. And if you use the syncing feature to synchronize your passwords and browser data across devices, use a strong password to prevent others from syncing. Finally, keep tabs on your add-ons and plug-ins to make sure they're giving you the best possible protection.