Wednesday, October 17, 2018
  • Spyware Pushers Modify Equation Editor Exploit to Bypass AV Detection
  • Anthem Agrees to $16 Million Settlement Following Compromise of 80 Million Health Records
  • Organisations’ 5 biggest information security concerns
  • Apple, Microsoft, and Google Drop Support for TLS 1.0 and TLS 1.1
  • GUEST ESSAY: Pentagon’s security flaws highlighted in GAO audit — and recent data breach

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » Mozilla Rolls Out Two-Step Verification for Firefox Accounts

Mozilla Rolls Out Two-Step Verification for Firefox Accounts

by David Bisson on May 23, 2018

Mozilla announced the rollout of two-step verification (2SV) as an optional security feature for all Firefox user accounts.

The engineers at Mozilla Foundation designed the feature without support for SMS-based codes. They likely did so for the same reasons as Twitter when it moved away from this form of verification in December 2017. Criminals previously found ways to steal users’ SMS text messages, thereby enabling attackers to compromise 2SV-protected accounts. This vulnerability led Twitter to make a change in how it handles login verification.

At the time of this writing, Mozilla’s 2SV feature worked with the support of three authentication mobile apps: Google Authenticator, Duo Mobile and Authy 2-Factor Authentication. It’s unknown whether Mozilla intends to add support for additional applications.

Users who’d like to protect their Firefox accounts with two-step verification should download one of the supported authentication mobile apps from their smartphone’s official app store. They should then click the menu button in Mozilla’s Firefox browser, go to preferences and expand the Two-step authentication section. Alternatively, they can visit https://accounts.firefox.com/settings?showTwoStepAuthentication=true.

When the Two-step authentication section appears, users will have the option of enabling the feature. Clicking the “Enable” button will subsequently display a QR code. Users must scan this code with their authentication mobile apps to add their Firefox accounts.

With that process complete, they will need to obtain obtain a six-digit code from their app and use it to confirm setup. They should then save the 10 recovery codes provided by Firefox in a safe location in case they ever lose access to their authentication mobile app.

The setup process for 2SV on Firefox accounts. (Source: Bleeping Computer)

Going forward, when users attempt to log in to their Firefox accounts, they’ll need to generate a one-time passcode using their verified account on their authentication (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/mozilla-rolls-out-two-step-verification-for-firefox-accounts/

May 23, 2018May 23, 2018 David Bisson Firefox, Latest Security News, Mozilla
  • ← JosepCrypt Virus – Remove and Restore .josep Files
  • Researchers Find 274 Vulnerabilities in the Top 50 Android Shopping Apps →
Featured Blog

Fortinet All Blogs

Securing the Multi-Cloud: 3 Steps for Maintaining Control and Visibility

Fortinet All Blogs

Recognizing and Preventing Modern Cyber Scams

Fortinet All Blogs

Financial, Healthcare, Government, and Retail IT Professionals Review Fortinet’s Enterprise Firewall Solution

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Five Eyes Cybersecurity Agencies Release Report on Hacking Tools
Backdoor Links 2016 Ukrainian Blackout to Sandworm APT and NotPetya
5 Tips to Ensure a Secure Cloud Migration
ACT Quickly to Ensure Data Security
Microsoft’s JET Vulnerability Patch Incomplete, Researchers Say
Supply Chain Security 101: An Expert’s View
Millions of Rewarding Jobs: Educating for a Career in Cyber Security
Artificial Intelligence and Machine Learning: The Most Effective Weapons Against Ransomware
How to check if your Facebook account was hacked and what the hackers have on you
Threat Announcement: Phishing Sites Detected on Emoji Domains

Upcoming Webinars

Thu 18

Building Blocks of Secure Development: How to Make Open Source Work for You

October 18 @ 11:00 am - 12:00 pm
Mon 29

Seeing Red: Understanding Red Team Security

October 29 @ 1:00 pm - 2:00 pm
Wed 31

Beyond S3 Buckets – Effective Countermeasures for Emerging Cloud Threats

October 31 @ 11:00 am - 12:00 pm
Nov 07

Operationalizing Data For Fraud Investigations

November 7 @ 1:00 pm - 2:00 pm
Nov 29

Cloud Security: What You Need to Know

November 29 @ 1:00 pm - 2:00 pm
Dec 13

Year-End Review/Predictions

December 13 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Four Current Threats Enterprises Can’t Ignore

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Making Sense of the Senseless AI in Cybersecurity
Analytics & Intelligence Cybersecurity Industry Spotlight Security Boulevard (Original) 

Making Sense of the Senseless AI in Cybersecurity

October 17, 2018 Dustin Hillard | 5 hours ago 0
ACT Quickly to Ensure Data Security
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

ACT Quickly to Ensure Data Security

October 16, 2018 Arshad Noor | Yesterday 0
5 Tips to Ensure a Secure Cloud Migration
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

5 Tips to Ensure a Secure Cloud Migration

October 15, 2018 Gilad David Maayan | 2 days ago 0

Top Stories

Spyware Pushers Modify Equation Editor Exploit to Bypass AV Detection
Data Security Featured Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

Spyware Pushers Modify Equation Editor Exploit to Bypass AV Detection

October 17, 2018 Lucian Constantin | 32 minutes ago 0
Microsoft’s JET Vulnerability Patch Incomplete, Researchers Say
Endpoint Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Microsoft’s JET Vulnerability Patch Incomplete, Researchers Say

October 16, 2018 Lucian Constantin | Yesterday 0
Five Eyes Cybersecurity Agencies Release Report on Hacking Tools
Endpoint Featured Malware News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches 

Five Eyes Cybersecurity Agencies Release Report on Hacking Tools

October 15, 2018 Lucian Constantin | 1 day ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.