Mozilla is rolling out support for a two-step authentication process for Firefox Accounts, the credentials system that protects bookmarks, passwords, open tabs and other data synchronized between devices via the Firefox Sync feature.
The feature is being gradually rolled out to users, according to Mozilla engineer Vijay Budhram. The feature is also not SMS code-based.
Instead, the system works with authentication codes produced by standard TOTP (Time-based One-Time Password) apps and services, such as Authy, Duo, Google Authenticator, and others.
As the feature is being rolled out, Firefox users can check their account's Preferences section in the coming weeks and enable it when available. Nonetheless, users can skip the wait and enable it right now by accessing:
When they turn on two-step authentication support, they'll also be provided with a set of recovery codes in case they lose access to the TOTP service.
Users should save these codes in a safe spot (online or offline) for use in cases of emergency to regain access to their accounts.
After enabling 2FA support, every time users log into their Firefox Account, they will have to enter username and password in a first step, and a security code produced by the TOTP service in the second step.
Based on the highly sensitive information stored inside Firefox Accounts —such as passwords— it is highly recommended that users turn on this feature as soon as it becomes available in their account's preferences section.