- Mozilla Connect
- Ideas
- Option to Require Re-Authentication when Using Moz...
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Currently, when you try to access accounts through Mozilla Account SSO in a signed-in browser, no re-authentication of any kind is required to proceed. This means that with mere access to the browser, one has full access to any account which uses Mozilla Account SSO, including websites such as this very Ideas Forum, or perhaps more sensitive accounts such as Mozilla Monitor. Not your account password or your 2FA or even your Primary Password is required.
There should be an option, whether in your Mozilla Account settings or in the Primary Password settings, to require some kind of Re-Authentication when going through an SSO flow using your Mozilla Account, even if you are already signed-in to a Mozilla Account, and even if you are in a signed-in and synced Firefox browser.
- New idea 8,327
- Trending idea 65
- Needs more 1
- In review 12
- Exploring more 12
- In development 60
- Not right now 8
- Delivered 200
- Closed 27
