Anyone may create a Firefox Account. The account is used for a number of purposes such as syncing browser data between different profiles or devices, commenting or rating add-ons on Mozilla's add-on site, and other interactions with Mozilla and Firefox services.

Firefox Accounts did not support two-factor authentication up until now but that changes with yesterday's announcement by Mozilla.

Starting today, we are beginning a phased rollout to allow Firefox Accounts users to opt into two-step authentication. If you enable this feature, then in addition to your password, an additional security code will be required to log in.

Two-step authentication adds a second step to the sign in process. Instead of signing in with username and password only, users are required to provide a code in a second authentication step to complete the process.

Mozilla selected the Time-based One-Time Password authentication standard which is support by numerous authentication applications such as Google Authenticator or Authy.

Tip: You can protect other accounts using two-step verification as well including Amazon Accounts, LastPass data, Instagram accounts, Microsoft accounts, Facebook logins, Google Accounts, WhatsApp accounts, and Twitter, WordPress, Tumblr, Dropbox and Linkedin accounts.

Enable Two-Step Authentication for your Firefox Account

You may not see the new Two-step authentication option if you open the Firefox Account settings page right now as Mozilla decided to roll out the feature over time.

You can load https://accounts.firefox.com/setting...ntication=true, however, to unlock it for your account right now. When you visit the URL, you will see the new Two-step authentication option on the Firefox Account preferences page.

Select the "enable" button next to the feature to start the configuration process. A QR code is displayed on the page afterward that you need to scan using one of the supported authenticator applications.

Authy users need to select Menu > Add Account, and then Scan QR Code to scan the code and generate the first two-step authentication codes for verification.

Once you have typed the code to verify the setup, you are presented with a set of recovery codes. These codes are one-time use only and designed to provide access if you lose access to the mobile device or authentication application account.

You can download the codes to your local system, copy them, or print them right then and there (it is also possible to use copy and paste to copy them, or create a screenshot of them).

Img

The preferences page should display enabled under "current status". You find options to generate new recovery codes and to disable two-step authentication again on the page after you have configured the second authentication step for the Firefox account.

What happens when you sign in to a Firefox account?

When you sign in to a Firefox account after enabling two-step authentication, you are asked to supply a code after you enter the username and password of the account.

You need to open the authentication application that you configured two-step verification in for the Firefox account and type the code that it presents to you in the code field to verify account ownership.

You may use the "use recovery code" option if you don't have the mobile device or application near you.