0
Image: ZDNet
Mozilla announced today a new recovery option for Firefox Accounts, the user system included inside the Firefox browser. Starting today, users can generate a one-time recover key that will be associated with their account, and which they can use to regain access to Firefox data if users ever forget their passwords.
Firefox Accounts is included with all recent versions of the Firefox browser. Most users are familiar with it because of Firefox Sync, the system that synchronizes Firefox data such as passwords, browsing history, open tabs, bookmarks, installed add-ons, and general browser options between multiple Firefox instances.
But while Sync does the actual synchronization, Firefox Accounts is at the core of Sync and is the system that manages the identities of Firefox users.
Sync works by taking a user’s Firefox account password and encrypting the user’s browser data on the local computer. Only after this data is encrypted is this data sent to Mozilla’s servers for storage, amking sure that Mozilla engineers can’t access this information without the user’s password, which serves as a decryption key.
Also: Just how fast is Firefox Quantum?
In scenarios where a loses a laptop or has his phone stolen, if he installs Firefox on a new device, he can’t download and decrypt his previous browser data without his Firefox account password.
But starting today, Mozilla has rolled out a feature called a “recovery key” for Firefox Accounts. Users can generate a recovery key, which serves as a secondary decryption key for their data, in case they forget their Firefox account password.
The Firefox recovery key is similar to the recovery codes provided during two-factor authentication setup at most online services. Firefox users will have to write them down on a paper, or keep them inside a file (preferably encrypted) somewhere online or on a secondary device.
Mozilla says a recovery key can be used only once, and users will have to generate a new key after they spend the previous one. Instructions on how to generate these keys are provided on this Firefox support page.
Also: Firefox Quantum: A cheat sheet for professionals TechRepublic
But Mozilla also advises that users install Firefox on more than one device, so in the case they lose access to one, they can still use the others to reset passwords or synchronize locally stored data to a new account and make sure the data doesn’t get lost forever.
Earlier this year, in May, Mozilla also rolled out two-factor authentication support for Firefox Accounts. Mozilla didn’t support the somewhat insecure SMS-based 2FA system, but TOTP, or Time-based One-Time Passwords, which can be generated using various authenticator apps.
Related coverage:
Firefox bug crashes your browser and sometimes your PCMozilla releases Firefox Reality, its web browser for VRTor Browser gets a redesign, switches to new Firefox Quantum engineFirefox 62 appears as Mozilla ends support for Windows XPMozilla to block ad trackers on Firefox by default
Related Topics:
Open Source
Security TV
Data Management
CXO
Data Centers
0