FIDO2/WebAuthn support for securing a Firefox Account
I'd like to ask if there are plans in the near future to support FIDO2/WebAuthn authentication for Firefox Accounts.
My question is motivated by the fact that right now there's no way to add a secondary MFA option as backup, and the industry-standard backup codes are very clunky to store safely and use in general.
Losing access to the MFA for an account which hosts all data (and essentially the day to day optimizations of workflows - saved data, bookmarks, etc.) and starting from scratch is a terrifying prospect (I've gone through it before), especially given that Firefox Accounts right now does not have any recovery options after that point.
It would be beneficial if one would be able to add, for instance, a pair of FIDO2 keys for this purpose, or even more broadly speaking any other WebAuthn providers (like Windows Hello). Those would not only provide a better security standard, but also better failover options.
I'm sorry if this is not the right place, but I've not found a dedicated forum for Firefox Accounts issues specifically - please direct me there if there's one.
Best regards, Artur Ciesielski
All Replies (2)
No, that is beyond the Firefox security settings itself. Your choices are password resets or 2FA; those are your only choices. Firefox is a limited non-profit support browser, so they are limited in how they implement security when logging in to a Firefox account. You should do your own periodic backups of profiles, bookmarks, and logins to prevent data loss. This is up to the user to do, not for Firefox to do.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer
https://support.mozilla.org/en-US/kb/restore-bookmarks-from-backup-or-move-them
https://support.mozilla.org/en-US/kb/export-login-data-firefox
https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles
https://support.mozilla.org/bm/questions/1271699
You'll probably want to do this on a regular basis to prevent data loss.
That is not exactly an answer to my question. I understand this is outside of the scope of the browser itself, but there's no technological boundary to making this happen.
I'm perfectly capable of exporting the browser data (thank you for the links), and I am doing my best to keep the backup codes safe - but WebAuthn is not a proprietary standard and the browser itself already supports the necessary core feature, so it's a matter of implementing WebAuthn as an MFA strategy for the Firefox Accounts/Sync service itself.
Like I said, I understand this might be outside of the scope, but if there's a better place for such a request please direct me there (maybe the Firefox Sync forum?) - I don't think the request itself is unreasonable.
Best regards, Artur
There has been a choice for TOTP, but others like WebAuthn might still be considered in the future.
- 1379677 - Implement multi-factor authentication on Firefox Accounts (MFA/2FA)
(please do not comment in bug reports