Two-step authentication (also known as two-factor authentication or 2FA) adds an extra layer of protection to your Mozilla account, especially if your password is compromised.
Once enabled, signing in requires both your password and a unique authentication code generated by an authenticator app. This prevents unauthorized access to your account even if someone knows your password.
How do I enable two-step authentication?
Step one
Before you get started, install the authenticator application of your choice. Here are some options (this is not an exhaustive list of supported applications):
- Ente Auth: GitHub (Windows, Linux, Android & macOS), App Store (iOS), Google Play & F-Droid (Android). The basic web version is only for those who downloaded the above apps. Includes backups.
- Zoho OneAuth: Android, iOS & macOS, Windows. Includes backups.
- Twilio Authy Authenticator: Android, iOS & macOS. Includes backups.
- Google Authenticator: Android, iOS & macOS.
- Duo Mobile: Android, iOS & macOS.
- FreeOTP: Android, iOS & macOS.
- KeePassXC: Linux, macOS, Windows.
Step two
Now that one of the applications is installed, you can set up two-step authentication for your Mozilla account:
- Sign in to your Mozilla account, then open your Mozilla account settings. Alternatively, click your Mozilla account in the Firefox toolbar and select Manage account.
- You can also click the menu button in Firefox, select your Mozilla account, and then click Manage account.
- On the Mozilla accounts page, under Security, click the button next to Two-step authentication.
- Open the authenticator app of your choice and scan the QR code that appears on your computer.
- You can also click Can’t scan code? to display a code you can enter manually into your authenticator app.
- Tip: If you are entering the code manually on Authy, search Mozilla to get the latest logo.
- Enter the code generated by the authenticator app into the field below the QR code, and click
Step three – Save and confirm backup authentication codes
- A list of one-time use backup authentication codes will be displayed. These codes can be used in the event you lose access to the authenticator app you just set up. Saving these codes is required to complete setup of two-step authentication for your Mozilla account.
- Important: If you lose access to your authenticator app, haven't saved your backup authentication codes, or haven’t set up a recovery phone, you will be locked out of your account and won’t be able to access your synced data, including saved passwords, bookmarks and settings. Download or print your backup authentication codes, and keep them in a safe place.
- Save the backup authentication codes, and click .
- Paste one of the codes to confirm that you have saved them (if you haven't, click the arrow on the left to go back to the list of codes).
- Click .
The setup of two-step authentication on your Mozilla account is now complete!
(Optional) Enable a recovery phone – Receive recovery codes via SMS
A new optional feature, initially available to users in the US and Canada, allows you to add a recovery phone number to your account. If you lose access to your authenticator app, you can request a one-time password (OTP) via SMS to regain access to your Mozilla account.
Adding a recovery phone as a recovery method for two-step authentication (in addition to backup authentication codes) may be available if you meet the following criteria:
- Two-step authentication is already enabled for your Mozilla account.
- You have saved your backup authentication codes.
- You are located in the USA or Canada.
Follow the steps below to set up your recovery phone number:
- On the Mozilla accounts page, under Security, click the button next to Recovery phone.
- Note: this option will be enabled if you meet the criteria listed above.
- Enter your phone number.
- Click the
- Enter the six-digit code, and click
- Recovery phone will now be available as a recovery method in the event that you can’t use your authenticator app to sign in. Rate limits may apply.
How to change your recovery phone number
You can change your recovery phone number from your Mozilla account settings. Follow the steps below to learn how.
- Sign in to your Mozilla account, then open your Mozilla account settings.
- In the Security section, go to Recovery Phone.
- Click the button.
- You will have to confirm that you want to have the recovery phone removed. Please note, you will not be able to remove your recovery phone if you do not have any remaining backup authentication codes. If you do not have any, you will need to generate more.
- Follow the steps for Enable a recovery phone above.
Done! Your recovery phone number has been successfully updated.