Comparar edições
Secure your Mozilla account with Two-Step Authentication
Edição 298003:
Edição 298003 de v.pomerleau em
Edição 300044:
Edição 300044 de Mozinet em
Palavras-chave:
Resumo em resultado de pesquisas:
Secure your Mozilla account with Two-Step Authentication. Learn more here.
Secure your Mozilla account with Two-Step Authentication. Learn more here.
Conteúdo:
Two-step authentication, also known as two-factor authentication (2FA), adds an extra layer of security to your Mozilla account. Even if someone gets hold of your password, they won’t be able to access your account without a second factor of authentication. This second factor ensures that your account stays protected, even in the case of compromised credentials. By enabling 2FA, you greatly reduce the risk of unauthorized access, helping keep your personal data and browsing history safe.
__TOC__
=How to set up two-step authentication=
#Sign in to your [https://accounts.firefox.com Mozilla account] and enable two-step authentication in the security section to enable this feature.
#Set up an authenticator app. Use a trusted app like Google Authenticator ([https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 Android], [https://apps.apple.com/us/app/google-authenticator/id388497605 iOS & macOS]) or Twilio Authy Authenticator ([https://play.google.com/store/apps/details?id=com.authy.authy Android], [https://apps.apple.com/us/app/twilio-authy/id494168017 iOS & macOS]) to generate codes for signing in and be sure to download your backup authentication codes.
#*For more information on enabling two-step authentication, head over to [[Set up two-factor authentication on your Mozilla account]].
=Recovery options for two-step authentication=
If you lose access to your authenticator app or device, recovery methods ensure you can regain access to your account.
==Recovery methods during 2FA setup==
To enable two-step authentication (2FA) on your Mozilla account, you must set up at least one recovery method—either backup authentication codes or a recovery phone. If you do not complete setup of a recovery method, 2FA will not be enabled, even if you complete other steps.
Some users may be prompted to choose between backup codes and a recovery phone number when initially setting up 2FA. If you choose to set up a recovery phone, you will not automatically receive backup codes. However, you can add or switch recovery methods at any time through your account settings once 2FA is enabled.
==Backup authentication codes==
When you set up 2FA and choose backup codes as your recovery method, you’ll receive a set of 10-character backup authentication codes to save in a secure location. Each code can be used once to sign in to your account if you lose access to your authenticator app.
Note: These are not the same as [[Reset your Mozilla account password with Recovery Keys#w_generate-and-store-your-account-recovery-key|account recovery keys]] (related to sync data recovery) or one-time codes sent by email or SMS.
*'''How to access:''' You can view and download your backup authentication codes when you set up two-step authentication. If you lose them, you can generate a new set from your [https://accounts.firefox.com/settings#two-step-authentication account settings].
*'''Pro tip:''' Store these codes in a secure location like a password manager or a physical safe.
==Recovery phone==
This feature, initially available to users in the US and Canada, allows you to add a recovery phone number to your account. If you lose access to your authenticator app, you can request a one-time password (OTP) via SMS to regain access to your Mozilla account.[[Template:progressiverollout]]
'''How to add a recovery phone:'''
You can add a recovery phone either during initial two-step authentication (2FA) setup or afterward in your Mozilla account settings.
*'''During initial 2FA setup'''
If eligible, you will be prompted to choose between backup authentication codes and recovery phone during 2FA setup. Select “Recovery phone” and follow the steps to enter your phone number and verify it with a one-time password (OTP) sent by SMS.
*'''After 2FA setup'''
#Go to the [https://accounts.firefox.com/settings#security Security section] of your Mozilla account settings.
#Under Two-step authentication, look for the Recovery phone option.
#Add your phone number and verify it by entering the OTP sent to your phone.
'''Note''': If you don’t see the option for a recovery phone, it means the feature is not currently available for your account.
'''Important:''' Your recovery phone number should belong to you and be kept up to date to ensure you can regain access to your account.
===Changing or adding recovery methods===
After enabling 2FA, you can always add, remove, or switch between backup codes and recovery phone in your Mozilla account settings.
===Comparing recovery methods for two-step authentication===
{|
|+
!Feature!!Backup authentication codes (Safest)!!Recovery phone (Easiest)
|-
|Availability||Global||Canada and USA only
|-
|Usage||One-time use per code||One-time use per code, valid for 5 minutes
|-
|Ease of access||Requires access to pre-stored codes, risk of losing the codes||Convenient if phone available, but requires active network connection
|-
|Security||Risk if codes lost or stored in unsecured location||Vulnerable to SIM swap attack
|}
===Understanding SIM swap risk===
SIM swap attacks occur when a malicious actor convinces your mobile carrier to transfer your phone number to their SIM card. Once they have control of your phone number, they can intercept messages, including one-time passwords (OTPs), used for account recovery. This makes phone-based recovery methods more vulnerable than offline options like backup authentication codes.
To mitigate SIM swap risks, ensure your mobile carrier account is secured with a strong password and, if available, its own two-step authentication (2FA).
Most major cellular providers publish steps you can take to protect your devices on their help centers. You can find a few below.
*[https://about.att.com/pages/cyberaware/ni/blog/sim_swap AT&T: What You Need to Know About SIM Swap Scams – AT&T Cyber Aware]
*[https://www.verizon.com/about/account-security/sim-swapping Verizon: What is a SIM Swapping Scam? Protect Your Device Against SIM Hackers]
*[https://www.t-mobile.com/support/plans-features/help-with-t-mobile-account-fraud T-Mobile: Protect your T-Mobile account from fraud]
*[https://www.rogers.com/support/cyber-security/fraud-scams/port-fraud-and-sim-swaps Rogers: Port fraud and SIM swaps]
*[https://www.telus.com/en/wise/resources/content/article/sim-swap-scam-what-you-should-know TELUS: SIM swap scam: what you should know]
*[https://support.bell.ca/billing-and-accounts/security_and_privacy/how-to-protect-yourself-from-telecom-fraud Bell: How to protect yourself from telecom fraud]
==Best practices for account security==
*Use a [[Choose a strong password|strong, unique password]] for your Mozilla account and associated email accounts.
*[[Set up two-factor authentication on your Mozilla account|Enable two-step authentication]] and keep your recovery options updated.
*Regularly review your account’s security settings; see [[Review your Mozilla account activity and protect your data]].
By taking these steps, you’ll ensure your Mozilla account remains secure and protected from unauthorized access.
Two-step authentication, also known as two-factor authentication (2FA), adds an extra layer of security to your Mozilla account. Even if someone gets hold of your password, they won’t be able to access your account without a second factor of authentication. This second factor ensures that your account stays protected, even in the case of compromised credentials. By enabling 2FA, you greatly reduce the risk of unauthorized access, helping keep your personal data and browsing history safe.
__TOC__
=How to set up two-step authentication=
#Sign in to your [https://accounts.firefox.com Mozilla account] and enable two-step authentication in the security section to enable this feature.
#Set up an authenticator app. Use a trusted app like Google Authenticator ([https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 Android], [https://apps.apple.com/us/app/google-authenticator/id388497605 iOS & macOS]) or Twilio Authy Authenticator ([https://play.google.com/store/apps/details?id=com.authy.authy Android], [https://apps.apple.com/us/app/twilio-authy/id494168017 iOS & macOS]) to generate codes for signing in and be sure to download your backup authentication codes.
#*For more information on enabling two-step authentication, head over to [[Set up two-factor authentication on your Mozilla account]].
=Recovery options for two-step authentication=
If you lose access to your authenticator app or device, recovery methods ensure you can regain access to your account.
==Recovery methods during 2FA setup==
To enable two-step authentication (2FA) on your Mozilla account, you must set up at least one recovery method – either backup authentication codes or a recovery phone. If you do not complete setup of a recovery method, 2FA will not be enabled, even if you complete other steps.
Some users may be prompted to choose between backup codes and a recovery phone number when initially setting up 2FA. If you choose to set up a recovery phone, you will not automatically receive backup codes. However, you can add or switch recovery methods at any time through your account settings once 2FA is enabled.
==Backup authentication codes==
When you set up 2FA and choose backup codes as your recovery method, you’ll receive a set of 10-character backup authentication codes to save in a secure location. Each code can be used once to sign in to your account if you lose access to your authenticator app.
{note}'''Note:''' These are not the same as [[Reset your Mozilla account password with Recovery Keys#w_generate-and-store-your-account-recovery-key|account recovery keys]] (related to sync data recovery) or one-time codes sent by email or SMS.{/note}
*'''How to access:''' You can view and download your backup authentication codes when you set up two-step authentication. If you lose them, you can generate a new set from your [https://accounts.firefox.com/settings#two-step-authentication account settings].
*'''Pro tip:''' Store these codes in a secure location like a password manager or a physical safe.
==Recovery phone==
This feature, initially available to users in the US and Canada, allows you to add a recovery phone number to your account. If you lose access to your authenticator app, you can request a one-time password (OTP) via SMS to regain access to your Mozilla account.[[Template:progressiverollout]]
'''How to add a recovery phone'''<br><br>You can add a recovery phone either during initial two-step authentication (2FA) setup or afterward in your Mozilla account settings.
*'''During initial 2FA setup'''<br>If eligible, you will be prompted to choose between backup authentication codes and recovery phone during 2FA setup. Select '''Recovery phone''' and follow the steps to enter your phone number and verify it with a one-time password (OTP) sent by SMS.
*'''After 2FA setup'''
*#Go to the [https://accounts.firefox.com/settings#security Security section] of your Mozilla account settings.
*#Under Two-step authentication, look for the Recovery phone option.
*#Add your phone number and verify it by entering the OTP sent to your phone.
{note}'''Note''': If you don’t see the option for a recovery phone, it means the feature is not currently available for your account.{/note}
{warning}'''Important:''' Your recovery phone number should belong to you and be kept up to date to ensure you can regain access to your account.{/warning}
===Changing or adding recovery methods===
After enabling 2FA, you can always add, remove, or switch between backup codes and recovery phone in your Mozilla account settings.
===Comparing recovery methods for two-step authentication===
{|
|+
!Feature!!Backup authentication codes (Safest)!!Recovery phone (Easiest)
|-
|Availability||Global||Canada and USA only
|-
|Usage||One-time use per code||One-time use per code, valid for 5 minutes
|-
|Ease of access||Requires access to pre-stored codes, risk of losing the codes||Convenient if phone available, but requires active network connection
|-
|Security||Risk if codes lost or stored in unsecured location||Vulnerable to SIM swap attack
|}
===Understanding SIM swap risk===
SIM swap attacks occur when a malicious actor convinces your mobile carrier to transfer your phone number to their SIM card. Once they have control of your phone number, they can intercept messages, including one-time passwords (OTPs), used for account recovery. This makes phone-based recovery methods more vulnerable than offline options like backup authentication codes.
To mitigate SIM swap risks, ensure your mobile carrier account is secured with a strong password and, if available, its own two-step authentication (2FA).
Most major cellular providers publish steps you can take to protect your devices on their help centers. You can find a few below:
*[https://about.att.com/pages/cyberaware/ni/blog/sim_swap AT&T: What You Need to Know About SIM Swap Scams – AT&T Cyber Aware]
*[https://www.verizon.com/about/account-security/sim-swapping Verizon: What is a SIM Swapping Scam? Protect Your Device Against SIM Hackers]
*[https://www.t-mobile.com/support/plans-features/help-with-t-mobile-account-fraud T-Mobile: Protect your T-Mobile account from fraud]
*[https://www.rogers.com/support/cyber-security/fraud-scams/port-fraud-and-sim-swaps Rogers: Port fraud and SIM swaps]
*[https://www.telus.com/en/wise/resources/content/article/sim-swap-scam-what-you-should-know TELUS: SIM swap scam: what you should know]
*[https://support.bell.ca/billing-and-accounts/security_and_privacy/how-to-protect-yourself-from-telecom-fraud Bell: How to protect yourself from telecom fraud]
==Best practices for account security==
*Use a [[Choose a strong password|strong, unique password]] for your Mozilla account and associated email accounts.
*[[Set up two-factor authentication on your Mozilla account|Enable two-step authentication]] and keep your recovery options updated.
*Regularly review your account’s security settings; see [[Review your Mozilla account activity and protect your data]].
By taking these steps, you’ll ensure your Mozilla account remains secure and protected from unauthorized access.