Mozilla announced this week that all Firefox extension developers must enable two-factor authentication (2FA) for their account.
"From the beginning of the beginning of 2020, developers will need to expand in AMO ( addons.mozilla.org enable 2FA on)," Mozilla extension Caitlin Neiman community manager in the official blog he wrote. "This is to prevent malicious attackers expand their control of the legitimate user."
When this happens, the hacker can send extended update to Firefox users infected using the developer's account. An attacker could also use extended infected to steal passwords, authentication / session cookie, monitoring the user's browsing habits, or redirect the user to a phishing page or malicious software download sites, and so on. These types of events usually referred to as supply chain attack . When this happens, the end user can not detect the expansion update is malicious, especially when an infected update from the official Mozilla AMO-- all Firefox users are considered to be a safe source.
The two-factor authentication (2FA) to prove the true identity of the user by adding additional steps during the login process, can add another layer of security to your account. Mozilla developers decided to extend compulsory enable 2FA, in order to prevent the supply chain attacks may occur.
Although in recent years is not the case for Firefox extension AMO account hijacked, but there are many cases of Chrome extensions hijacked. Chrome extension developers often by phishing e-mail attacks, hackers attempt to try to access their account through the Chrome Web app store these e-mails.
Typically, such attacks aimed Chrome extension developers because Chrome browser market share of 65% -70%. Firefox accounted for only 10% of the attractiveness of the attacker is relatively small. However, Mozilla vigilant enough to take a pre-emptive behavior.
Mozilla informed user can follow support.mozilla.org , enabling two-factor authentication (2FA) for their own accounts before the new rules take effect as described.