Set up two-factor authentication on your Mozilla account

Firefox, Mozilla Account Firefox, Mozilla Account Last updated: 53% of users voted this helpful

Two-step authentication (also known as two-factor authentication or 2FA) adds an extra layer of protection to your Mozilla account, especially if your password is compromised.

Once enabled, signing in requires both your password and a unique authentication code generated by an authenticator app. This helps protect your account even if your password is compromised.

How do I enable two-step authentication?

Step one – Choose an authenticator app

Before you get started, install the authenticator application of your choice. Here are some options (this is not an exclusive list of supported applications):

Note: Some of these apps support backups, which can help if you lose your device.

Step two – Connect your authenticator app

Now that one of the applications is installed, you can set up two-step authentication for your Mozilla account: Add 2fa button

  1. Sign in to your Mozilla account, then open your Mozilla account settings. Alternatively, click your Mozilla account in the Firefox toolbar and select Manage account.
    • You can also click the menu TB68_Hamburger_Menu_Button_Win button in Firefox, select your Mozilla account, and then click Manage account.
  2. On the Mozilla accounts page, under Security, click the Add button next to Two-step authentication.
  3. Open the authenticator app of your choice and scan the QR code that appears on your computer.
    Step 1 of 3
    • You can also click Can’t scan code? to display a code you can enter manually into your authenticator app.
    Tip: If you are entering the code manually on Authy, search Mozilla to get the latest logo.
  4. Enter the code generated by the authenticator app into the field below the QR code, and click Continue.
    Now enter authentication code

Step three – Set up a recovery method

At this step, you’ll be asked to set up a recovery method for your Mozilla account. This is required to complete two-step authentication (2FA) setup.

Most users will see a list of backup authentication codes at this step but, depending on your eligibility, you may see a prompt allowing you to choose between:

  • Backup authentication codes – a list of one-time use codes to save in a secure location.
  • Recovery phone – a phone number that can receive a one-time password (OTP) via SMS if you lose access to your authenticator app.
Important: If you lose access to your authenticator app, haven't saved your backup authentication codes, or haven’t set up a recovery phone, you will be locked out of your account and won’t be able to access your synced data, including saved passwords, bookmarks and settings.

Backup authentication codes

  1. A list of one-time use backup authentication codes will be displayed. These codes can be used in the event you lose access to the authenticator app you just set up.
    Backup codes
  2. Download, copy or print your backup authentication codes, and save them in a safe place. Click Continue.
  3. Paste one of the codes to confirm that you have saved them (if you haven't, click the arrow on the left to go back to the list of codes).
    Step 2 Finish
  4. Click Finish.

The setup of two-step authentication on your Mozilla account is now complete!

Recovery phone

progressive rollout banner This feature is experimental and is being introduced to the Firefox user base through a progressive rollout. It may not yet be available to all users.

A new optional feature, initially available to users in the US and Canada, allows you to add a recovery phone number to your account. If you lose access to your authenticator app, you can request a one-time password (OTP) via SMS to regain access to your Mozilla account.
Enabled 2fa add phone
Security warning: While this provides an additional recovery option, it also comes with the risk of SIM swap attacks. Attackers can trick your mobile carrier into transferring your phone number to a new SIM card, allowing them to receive your 2FA codes and access your account. SMS messages can also be intercepted by certain types of attacks, making them less secure than other 2FA methods.

Follow the steps below to set up your recovery phone number:

  1. Enter your phone number.
  2. Click the Send code button to receive the verification code in a text message to confirm your number.
    Add a recovery phone number
  3. Enter the six-digit code, and click Confirm.
    Enter verification code
  4. Recovery phone will now be available as a recovery method in the event that you can’t use your authenticator app to sign in. Rate limits may apply.
    Recovery phone saved

How to remove your recovery phone number

You can remove your recovery phone number from your Mozilla account settings. Follow the steps below to learn how.

  1. Sign in to your Mozilla account, then open your Mozilla account settings.
  2. In the Security section, go to Recovery Phone.
  3. Click the IG trash button.
  4. You will be asked to confirm that you want to delete your recovery phone number.

Please note that a recovery method is required for 2FA – If you want to remove your phone number, you may need to create a set of backup authentication codes before being allowed to proceed. Alternatively, you may choose to change your phone number or to disable two-step authentication entirely.

Related articles


Share this article: https://mzl.la/3p8DJls

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More