Mozilla adds “two-step authentication” support for Firefox accounts
Mozilla is launching a two-step verification process for supporting Firefox accounts. The authentication system uses Firefox Sync functionality to protect the synchronization of bookmarks, passwords, open tags, and other data between devices.
According to Mozilla engineer Vijay Budhram, this feature is gradually being promoted to users and it is not based on SMS code.
Instead, the system uses verification code generated by standard TOTP (time-based one-time password) applications and services, such as Authy, Duo, Google Authenticator, and so on.
With the introduction of features, Firefox users can check their account preferences in the coming weeks and enable it when it is available. In addition, the user can skip the wait and enable it immediately by accessing:
https://accounts.firefox.com/settings?showTwoStepAuthentication=true
When users enable support for two-step authentication, they also obtain a set of recovery codes in case they lose access to the TOTP service. Users should keep these codes in a safe place (online or offline) to use them in an emergency to regain access to their accounts.
After 2FA support is enabled, each time a user logs in to their Firefox account, they must enter the username and password in the first step, and the security code generated by the TOTP service in the second step.
Because Firefox accounts store highly sensitive information (such as passwords), it is highly recommended that users turn on immediately when their account’s preferences are available.
Source: Mozilla