When does Firefox Sync add 2-factor authentication?
I would like to increase security to the Firefox account that holds all my passwords. Two-factor authentications seems a logical extra layer of protection that has become more and more common (google, dropbox, evernote). Having a smartphone with a number generator or receiving an SMS would do the trick. A bonus would be to add trusted devices so 2-factor authentication is only asked for new devices. What are the plans for this for Firefox Sync? Before switching to the 'new Sync' this needs to be solved!
All Replies (6)
hello, 2-factor authentication is currently not a planned feature of firefox accounts as far as i'm aware. since this is a primarily community-run support forum, it's probably not the right place to request features (we cannot implement any features & devs won't read here). please either use https://input.mozilla.org/feedback for general feedback or if you feel that it's a missing feature, file a bug at bugzilla.mozilla.org.
Philipp, thanks. I voted for 'Support OTP' (one-time password) on bugzilla. https://bugzilla.mozilla.org/show_bug.cgi?id=1000620. Pls vote here as well, since I really think Firefox is missing out on this important feature!
moderator fixed the broken hyperlink
Ilungisiwe
there's bug 638905 as well which hasn't seen movement for quite a while unfortunately...
philipp said
there's bug 638905 as well which hasn't seen movement for quite a while unfortunately...
2011-03-04 "Every client that accesses/modifies records for a given sync account has the user's password and their sync key. Right now, only the password is used to authenticate the user. The sync key could be used to additionally authenticate the user."
That Bug was filed on the previous version of Sync - the current version of Sync works differently - no "Sync key".
There is still a Sync key, but it isn't exposed to the user.
The previous model used 'something you have' (your other device) without 'something you know'. I would like to have both. I really think that a lot more users would like this enhanced (or should I call it standard) security. Username+pwd is not safe any more in 2015!