Viewing saved logins should require a different unlock method than the one set to unlock the phone

[klint]

What is the user problem or growth opportunity you want to see solved?

Many user set their protection method at phone level to biometrics (face or fingerprints) for convenience.
Yet, this is an unsecure way of protection (face can be faked with a picture easily, and fingerprints can be taken without the consent of the user in special circumstances - sleep, drug, hangover...).
In this case, Fenix should offer another layer of protection when viewing passwords (like password/schema in addition to biometrics, or alone...)

Actually, more globally, saving passwords in Fenix should require different method than the one set to unlock the phone.

Who will benefit from it?

All users who save logins in Fenix and want them to be more secure there.

┆Issue is synchronized with this Jira Task

[s-ankur]

Actually, you should not rely on the security at all. If you open a website with a saved password, then firefox will fill out the password for you without ever asking you for any authentication.

[klint]

I agree and that is another problem. But viewing the passwords may be worse as it does not leave any trace and it can be used after the theft, on another device in a different time.
This ticket is only about password theft actually.

[kbrosnan]

#14501 (comment) outlines the teams stance on this. Closing as we don't want to do this.