16 December 19, 08:24
(This post was last modified: 16 December 19, 08:24 by harlan4096.)
Quote:Continue Reading
Firefox extension developers need to set up their accounts to support two-factor authentication (2FA) in early 2020 as this is a new requirement that Mozilla has just announced.
Mozilla's reasoning behind the decision is simple: prevent that attackers manage to obtain username and password of extension developers to manipulate the extensions that are offered on Mozilla AMO.
The organization dropped its "Review first - Publish later" model in 2017 in order to deliver updates and new add-on releases faster. While extensions may get reviewed manually after the fact (after publication), there is a time gap between making it available to users and the review; this could allow malicious actors to push unwanted or malicious content to users in form of add-ons if the automated systems that are in place can be bypassed.
Quote:Starting in early 2020, extension developers will be required to have 2FA enabled on AMO. This is intended to help prevent malicious actors from taking control of legitimate add-ons and their users.
The extra layer of security that Mozilla requires from extension developers won't be required for accounts that use the upload API of AMO.
Regular users who maintain accounts on AMO are not required to enable 2FA for their accounts as well. While Mozilla does recommend setting up 2FA for all Firefox accounts, it is not a requirement at this point.
Tip: check out our guide on enabling two-factor authentication in Firefox here.
Once the requirement goes live, developers are asked to enable 2FA for their accounts when they are making changes to their add-ons.
Quote:Before this requirement goes into effect, we’ll be working closely with the Firefox Accounts team to make sure the 2FA setup and login experience on AMO is as smooth as possible. Once this requirement goes into effect, developers will be prompted to enable 2FA when making changes to their add-ons....