ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

Secure your Firefox account with two-step authentication

Mozilla has announced that it now supports two-step (also known as two factor or 2FA) authentication for Firefox accounts.

"Starting on 5/23/2018, we are beginning a phased rollout to allow Firefox Accounts users to opt into two-step authentication. If you enable this feature, then in addition to your password, an additional security code will be required to log in.

Mozilla has chosen the popular Time-based One-Time Password (TOTP) authentication standard as its vehicle for doing this. TOTP codes are generated in an authenticator app such as Google Authenticator, Authy, Duo, or open source andOTP.

Single-use recovery codes are also supported in case the dog eats your phone or something.

We recommend that Firefox users who rely on the browser’s built-in password manager, in particular, should consider enabling 2FA to improve the security of their accounts.

What is 2FA?

One-factor authentication is something you know. For example your username and password. Two-factor authentication is something additional that you have. In this case, it’s your phone.

It is very unlikely that a hacker will be able to discover both your username/password and gain access to your phone. 2FA therefore greatly improves the security of any accounts protected by it. Check out our what is 2fa guide for more information about it.

How to protect your Firefox account using 2FA

Long-term readers of these pages will know that I am a fan of open source software solutions. Especially when it comes to security software. andOTP is an open source TOTP-compatible authenticator available for Android.

The process outlined below, however, is similar no matter which app or platform you use. If you do also use andOTP, this page offers advice from its developer on setting it up. Note that Android’s security policy prevents me from taking screenshots of the andOTP app in action.

1. Enable 2FA in Firefox

Go to Options -> Firefox Account -> Manage Account -> Two-step authentication -> Enable.

firefox 2fa 1

Mozilla is rolling out 2FA over a period of time, so you may not see this option in Firefox Accounts yet. If you don’t, then simply click this link in Firefox to enable it.

2. You will be given a QR code to scan into your authenticator app. In andOTP click on the + icon to the bottom tight -> Scan-QR code. You will be given a Security code that you must enter into Firefox. Then hit "Confirm.”

firefox 2fa 2

3. And ta-da! That’s it all setup. You should see confirmation that 2FA is enabled (and receive a confirmation email from Mozilla).

firefox 2fa 3

You will also be given some one-use recovery codes. You can enter each of these once, instead of generating new codes in your authenticator app. Keep them safe!!! I store mine in an encrypted KeePass password manager file.

4. Whenever you sign into your Firefox Account (for example when you install Firefox onto a new device) you will be asked to provide a security code after you have entered your username and password.

firefox 2fa 4

Just open your authenticator app, look for the Firefox Accounts entry, and enter the code within the allotted time. Easy!

Conclusion

Using two-factor authentication will make your Firefox account much more secure, and only takes few minutes to set up. There really is very little reason not to do it, and a whole bunch of reasons you should…

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

0 Comments

There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service