Firefox add-on developers will now have to use 2FA on their accounts


On this blog we have covered a lot of news about Mozilla and the changes it is making to its Firefox web browser, such as Mozilla's announcement that it prohibits hidden code in extensions because of the large number of extensions with malicious code, and its decision to no longer allow add-on pre-installation.

Mozilla has made these moves to protect users. We also cannot ignore Mozilla's great work to improve privacy and the user experience throughout this year.

We mention all this because of a new announcement from Mozilla concerning AMO accounts, which are integrated with Firefox accounts, allowing you to manage multiple Mozilla services from a single login.

Mozilla will now require add-on developers to use two-factor authentication (2FA) starting next year (which is practically here).


Mozilla is making this move to prevent unauthorized people from accessing add-on developers' accounts (even if they obtain the password) and so prevent a malicious person from introducing a modified version of an add-on (although Mozilla already prohibits the use of hidden code).

This may be a response to the attacks on Google Chrome extension developers, who were victims of phishing attacks last year in which attackers took control of their accounts and then released fake updates for the extensions.

That attackers targeted Google developers is hardly surprising, since Google Chrome's usage is far above Firefox's and attackers generally tend to go after the most popular systems or software.

This measure from Mozilla is not a bad one: it anticipates such a case happening to the accounts of Firefox add-on developers and makes it more difficult.

Two-step verification adds more security by making it difficult for someone else to log into your account, especially if your password has been stolen. Once you turn on two-step verification, whenever you try to sign in to your account with your password, Firefox also prompts for a verification code provided by an authenticator application as proof that it really is you.


Mozilla therefore strongly recommends enabling two-factor authentication, since it provides an additional layer of security for accounts by adding an extra step to the login process to prove the user's authenticity.
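To make the two-step check described above concrete, here is an added example (not code from Mozilla or from the original article) of a login that requires both the password and a time-based code, so a phished password alone is rejected. It assumes the authenticator app uses RFC 6238 TOTP, which the article does not specify; the `Account` class, password, salt and secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample secret: the RFC 6238 test key, base32-encoded.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30  # seconds each code is valid for

def totp(secret_b32, at, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:  # hypothetical server-side account record
    def __init__(self, password, secret_b32):
        self.salt = b"constructed-salt"
        self.pw_hash = self._hash(password)
        self.secret = secret_b32
        self.last_step = -1  # last accepted time step (replay protection)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, code, now=None, window=1):
        now = time.time() if now is None else now
        # Factor 1: the password, compared in constant time.
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False
        # Factor 2: a code for the current step, allowing +/- `window` steps of clock drift.
        current = int(now) // STEP
        for step in range(max(0, current - window), current + window + 1):
            expected = totp(self.secret, step * STEP)
            if step > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step  # a code is accepted once, then never again
                return True
        return False
```

Tracking the last accepted time step means a code captured by a phishing page cannot be replayed after the legitimate login has used it.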

If hackers compromised developer accounts, they could send corrupted add-on updates to Firefox users. Since Firefox add-ons have a fairly privileged position in the browser, an attacker can use a compromised add-on to steal passwords and authentication/session cookies, spy on a user's browsing habits, or redirect users to phishing pages or malware download sites.

Mozilla's Caitlin Neiman said in the blog post:

“Starting in 2020, extension developers will need to activate 2FA in AMO. This is intended to prevent malicious actors from taking control of legitimate plugins and their users. 2FA will not be required for submissions using the AMO Download API.

“Before this requirement goes into effect, we will work closely with the Firefox account team to ensure that the 2FA setup and AMO login experience are as seamless as possible. Once this requirement goes into effect, developers will be invited to activate 2FA when they make changes to their plugins.”

If you want to know more about it you can check the note in the following link. 

