Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

When does Firefox Sync add 2-factor authentication?

  • 6 replies
  • 3 have this problem
  • 1 view
  • Last reply by jer73

more options

I would like to increase security to the Firefox account that holds all my passwords. Two-factor authentications seems a logical extra layer of protection that has become more and more common (google, dropbox, evernote). Having a smartphone with a number generator or receiving an SMS would do the trick. A bonus would be to add trusted devices so 2-factor authentication is only asked for new devices. What are the plans for this for Firefox Sync? Before switching to the 'new Sync' this needs to be solved!

I would like to increase security to the Firefox account that holds all my passwords. Two-factor authentications seems a logical extra layer of protection that has become more and more common (google, dropbox, evernote). Having a smartphone with a number generator or receiving an SMS would do the trick. A bonus would be to add trusted devices so 2-factor authentication is only asked for new devices. What are the plans for this for Firefox Sync? Before switching to the 'new Sync' this needs to be solved!

All Replies (6)

more options

hello, 2-factor authentication is currently not a planned feature of firefox accounts as far as i'm aware. since this is a primarily community-run support forum, it's probably not the right place to request features (we cannot implement any features & devs won't read here). please either use https://input.mozilla.org/feedback for general feedback or if you feel that it's a missing feature, file a bug at bugzilla.mozilla.org.

more options

Philipp, thanks. I voted for 'Support OTP' (one-time password) on bugzilla. https://bugzilla.mozilla.org/show_bug.cgi?id=1000620. Pls vote here as well, since I really think Firefox is missing out on this important feature!




moderator fixed the broken hyperlink

Modified by the-edmeister

more options

there's bug 638905 as well which hasn't seen movement for quite a while unfortunately...

more options

philipp said

there's bug 638905 as well which hasn't seen movement for quite a while unfortunately...

2011-03-04 "Every client that accesses/modifies records for a given sync account has the user's password and their sync key. Right now, only the password is used to authenticate the user. The sync key could be used to additionally authenticate the user."

That Bug was filed on the previous version of Sync - the current version of Sync works differently - no "Sync key".

more options

There is still a Sync key, but it isn't exposed to the user.

more options

The previous model used 'something you have' (your other device) without 'something you know'. I would like to have both. I really think that a lot more users would like this enhanced (or should I call it standard) security. Username+pwd is not safe any more in 2015!