Mozilla To Force All Add-On Devs To Use 2FA To Prevent Supply-Chain Attacks – Comments

By December 16, 2019

Mozilla announced last week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account.

As of early 2020, #Firefox extension #developers will be required to have #2FA enabled on #Mozilla Add-Ons portal to help prevent cybercrooks from taking control of legitimate add-ons and their users. Good #security move for #AMO, @Firefox > https://t.co/RQvGV2Q7G5

— Authy (@Authy) December 13, 2019

EXPERTS COMMENTS

Ameet Naik, Security Evangelist , PerimeterX

December 16, 2019

70% of the scripts running on a typical website are third-party scripts. The client-side is becoming the new battleground in the effort to secure web applications. According to a recent study from Osterman Research, 70% of the scripts running on a typical website are third-party scripts. Further, browser extensions wield potentially limitless power over web applications. These extensions are able to inject additional scripts, read all activity and harvest PII from web pages--all without the users' knowledge. Website owners have no control over this either, but they carry a disproportionate amount of risk. This tarnishes their brand experience and hurts the users' path to purchase. We applaud this move by Mozilla to further secure the supply chain for browser extensions by enforcing two-factor authentication (2FA). This would make it harder for hackers to hijack third-party browser extensions and carry out digital skimming attacks.
Mozilla announced last week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account.
