Monday, July 23, 2018
  • The Shared Security Weekly Blaze – Lost and Stolen Devices, Instagram and SIM Hijacking, LabCorp Security Breach
  • The MITRE ATT&CK Framework: Initial Access
  • Digging for Security Bugs / Vulnerabilities in Python Applications
  • Cyber Security Roundup for July 2018
  • Robert M. Lee and Jeff Hass’ Little Bobby Comics – ‘Different Hats’

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » Mozilla Rolls Out Two-Step Verification for Firefox Accounts

Mozilla Rolls Out Two-Step Verification for Firefox Accounts

by David Bisson on May 23, 2018

Mozilla announced the rollout of two-step verification (2SV) as an optional security feature for all Firefox user accounts.

The engineers at Mozilla Foundation designed the feature without support for SMS-based codes. They likely did so for the same reasons as Twitter when it moved away from this form of verification in December 2017. Criminals previously found ways to steal users’ SMS text messages, thereby enabling attackers to compromise 2SV-protected accounts. This vulnerability led Twitter to make a change in how it handles login verification.

At the time of this writing, Mozilla’s 2SV feature worked with the support of three authentication mobile apps: Google Authenticator, Duo Mobile and Authy 2-Factor Authentication. It’s unknown whether Mozilla intends to add support for additional applications.

Users who’d like to protect their Firefox accounts with two-step verification should download one of the supported authentication mobile apps from their smartphone’s official app store. They should then click the menu button in Mozilla’s Firefox browser, go to preferences and expand the Two-step authentication section. Alternatively, they can visit https://accounts.firefox.com/settings?showTwoStepAuthentication=true.

When the Two-step authentication section appears, users will have the option of enabling the feature. Clicking the “Enable” button will subsequently display a QR code. Users must scan this code with their authentication mobile apps to add their Firefox accounts.

With that process complete, they will need to obtain obtain a six-digit code from their app and use it to confirm setup. They should then save the 10 recovery codes provided by Firefox in a safe location in case they ever lose access to their authentication mobile app.

The setup process for 2SV on Firefox accounts. (Source: Bleeping Computer)

Going forward, when users attempt to log in to their Firefox accounts, they’ll need to generate a one-time passcode using their verified account on their authentication (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/mozilla-rolls-out-two-step-verification-for-firefox-accounts/

May 23, 2018May 23, 2018 David Bisson 2SV, Firefox, Latest Security News, Mozilla
  • ← JosepCrypt Virus – Remove and Restore .josep Files
  • Researchers Find 274 Vulnerabilities in the Top 50 Android Shopping Apps →
Featured Blog

4 days ago

Why Drupalgeddon 2.0 May Still Be A Threat To Your Website

6 days ago

3 Essential Steps for Your Vulnerability Remediation Process

2 weeks ago

Best Practices for Open Source Governance

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Cyberespionage Campaign in Ukraine Uses Free and Custom RATs
Exposed: Exactis’ Database of 340 Million Consumer Records
McAfee to Advance Cybersecurity AI via the Cloud
Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password
Key Traits Employers Seek from Information Security Professionals
Rome Wasn’t Built in a Day, but This Botnet Was, Using CVE-2017-17215
Survey Finds Breach Discovery Takes an Average 197 Days
Blackgear Cyber Espionage Campaign Abuses Blogs, Social Media Posts
Skype Classic to End Soon – Users Forced to Update to Skype 8
Drupal, Phishing and A New Cryptomining Botnet

Upcoming Webinars

Tue 24

DevOps Security: Build-Time Identification of Security Issues — A case study with Jenkins, Docker, and AWS

July 24 @ 11:00 am - 12:00 pm
Thu 26

Draft and Develop: A Solution to the Cyber Security Skills Shortage

July 26 @ 11:00 am - 12:00 pm
Tue 31

Mastering Machine Learning for Security Professionals: A Discussion

July 31 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Four Current Threats Enterprises Can’t Ignore

CISO Conversations

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Key Traits Employers Seek from Information Security Professionals
Careers Cybersecurity Industry Spotlight Security Boulevard (Original) 

Key Traits Employers Seek from Information Security Professionals

July 20, 2018 Jane Thomson | 2 days ago 0
It’s Time to Rethink Privileged Account Management
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

It’s Time to Rethink Privileged Account Management

July 18, 2018 Mark Klinchin | 4 days ago 0
Control, Defend and Extend Container Security
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Control, Defend and Extend Container Security

July 10, 2018 Kirsten Newcomer | Jul 10 0

Top Stories

Barracuda Networks Extends WAF Reach to Google Cloud Platform
Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

Barracuda Networks Extends WAF Reach to Google Cloud Platform

July 20, 2018 Michael Vizard | 2 days ago 0
Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password
Featured Identity & Access Network Security News Security Boulevard (Original) Spotlight Vulnerabilities 

Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password

July 20, 2018 Lucian Constantin | 2 days ago 0
McAfee to Advance Cybersecurity AI via the Cloud
Analytics & Intelligence Cybersecurity Featured News Security Boulevard (Original) Spotlight 

McAfee to Advance Cybersecurity AI via the Cloud

July 19, 2018 Michael Vizard | 3 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.