Mozilla will require all Firefox extension developers to enable two-factor authentication

Mozilla introduced this week that every one Firefox extension builders should allow two-factor authentication (2FA) for his or her accounts. “From the start of 2020, extension builders might want to allow 2FA on AMO (,” Caitlin Neiman, Mozilla Extension Group Supervisor, wrote on the official weblog. “That is to stop malicious attackers from controlling reputable extensions and their customers.”

FireFox 71

When this occurs, hackers can use the developer’s account to ship contaminated extension updates to Firefox customers. Attackers can even use corrupt extensions to steal passwords, authentication/session cookies, monitor customers’ looking habits, or redirect customers to phishing pages or malware obtain websites, and extra. Some of these occasions typically fall below “provide chain assaults”. When this occurs, finish customers can not detect whether or not the extension replace is malicious, particularly when the contaminated replace comes from the official Mozilla AMO, a supply that every one Firefox customers take into account protected.

Two-factor authentication (2FA) provides one other step within the login course of to show the consumer’s true identification. This will add a layer of safety to the account. There have been no circumstances of hijacked AMO accounts focusing on Firefox extensions lately. However, there have been many circumstances of assault on Chrome extensions. Builders of Chrome extensions typically deal with assaults from phishing emails. These hackers often attempt to entry Chrome’s Net Retailer account.

Typically, any such assault is principally focused at Chrome extension builders. It’s because Chrome browsers have a 65% -70% market share. Solely 10% of Firefox is comparatively much less engaging to attackers. Nevertheless, Mozilla is cautious sufficient to take preemptive motion. Mozilla advises that customers can observe the directions at to allow two-factor authentication (2FA) for his or her account earlier than the brand new guidelines take impact.


Source link