If I use a good Master Password in Firefox, is security improved when I Remember Passwords instead of re-type?

You have been very thorough in considering downsides and benefits.

Using master password in Firefox or other browser is usually acceptable compromise. Nevertheless, there is no care free approach for dealing with passwords. (Convenience vs. security.)

Earlier question How secure are my passwords in the hands of Firefox using a Master Password? gives some guidance it says: most likely secure, but I would not use.

My advice is opposite: if you cannot remember a lot of hard to remember passwords or passphrases, using browser to remember (and in some cases generate) your passwords can be a good compromise.

As far as banking goes: many banks use two factor authentication (such as ID, password + number from single use password list). I don't use banks/brokers/etc. which allow using them with just ID+password, as such authentication info get leaked too easily.

Anyway, if there are high security passwords, I would memorize them in my head.

Key logger

In case of key logger, master password does not fully protect against them, because key logger will then record master pass.

Passwords in your head

If you can remember unique password for each site you use, each password having very large amount of entropy, it is better than remembered passwords (except against key logger).

However, in practice, there is so many site passwords that it is almost impossible to pick very good passwords for each one of them.

Using key store

Key store allows you to use master password to store a lot of passwords. Instead of many good passwords, you need only one good password. This password is supposedly easier to remember as it is often needed. Because of less passwords to remember people afford to use more complex password as master password.

Synchronized passwords

Some applications like Firefox (and Safari and so on) allow you to synchronize your passwords between your devices. Such service is very convenient. Because the synchronization often goes through quite a few servers, all those who can see the traffic may try recovering your passwords. At least the parties who are able to break your master pass most likely get access to all your passwords.


A Firefox Master Password was a good feature introduced, it helps save time for typing every password on every website, as you pointed. There are data files to obtain that password, your saved passwords are encrypted with them.

In answer to your question about the password being in memory, it will stay in memory until you restart your firefox AFAIK, but, if someone tries to access your saved passwords even if it's already in memory, you would be prompted again as you can test, as far as accessing websites, yes, it would still give access if you have saved credentials in them, although there's no way in retrieving any passwords without the master password, that's why it was implemented.

Although it's a good feature, Personally i would recommend using LastPass.

It's a widely-known manager for storing and keeping your passwords "more secure", it has also plugins for different browsers including Firefox that i use. It also has generating "random-secured" passwords with different options and number of characters you'd like. In my opinion that's the safest way you can protect your passwords, and it's easy to setup. It has many features including one to scan your passwords and display how secure are they in a score board between 0 and 100, depending on multiple factors, and suggests how you can improve them.

As long as you protect your password for that site or use the other possible ways of authentication that it provides, including Fingerprint and Card Reader authentication, you must have reader devices of-course.