Two-step authentication in Firefox Accounts is cumbersome; can't they implement biometric authentication?
Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.
It would be of a great ease and more secure if Mozilla adds the biometric authenrication to view saved logins in Firefox and same feature while auto filling the username, so that the password is kept secure. The biometric authentication data is to be taken from the Windows Biometic Authentication called as Windows Hello just like the web browser Microsoft Edge do.
Biometrics can be used to quickly verify user is still the one that owns the OS user account. But I doubt it can be used to replace 2FA completely. When user signs in on a new device, that device biometrics is not yet confirmed or linked to user's encryption keys.
Also, biometrics has a problem with breaches. Imagine somehow your biometric fingerprint is stolen. How would you change your "password"? Replacing faces and fingers are not cheap 🙂
We are looking forward to add more biometrics uses when accessing sensitive data (passwords, credit cards, etc.). Stay tuned!
Add biometric authentication (TouchID/Windows Hello) before passsword use
I know this has been suggested a couple other times, but I really do think that they should add this.
(Note: a similar idea has been merged into this thread)
Why even adding biometric authentication when they don't support us for exhausted Two-step authentication?
I mean, if you lost all details for the account for Two-step authentication, there are sure not going to help only suggest to create another Firefox account, meaning you have to create useless email. I mean, all other service providers they support disabling 2FA, so you can recover the it again.
Nah ah for Mozilla, might as well stay away from 2FA from Mozilla. They don't support anything.
Here there own quote:
"I lost my two-step authentication device, can’t find recovery codes and don’t have a logged-in device. Can I request to delete my Firefox Account?
In this case, it is currently not possible to delete your Firefox Account, since we don't have a way to verify your identity and ownership of that account. We recommend creating a new Firefox Account to use Firefox Sync and other services that require a Firefox Account.".
Been complaining for year for that, and I can't even make any threads on "support.mozilla.org". Admin blocked it because they got tired of the messages. Might happen here too.
Regarding the comment above about losing your biometrics, I would be fine with biometrics as a complimentary option so that both are available but offers quicker access.
With passkeys available now, has any thought been giving to this? It also reduces phishing attacks as passkeys are associated solely with the originating website.