The Mozilla team has announced a new recovery key option for Firefox accounts that can be used to access Firefox data if users forget their passwords.
Starting today, users will be able to generate a one-time recovery key associated with their account. Once the key is used to access the account, it becomes invalid, and the user needs to create another one.
Previously, Mozilla provided new encryption keys to users on resetting a forgotten password. However, it came with a potential risk of losing any synced bookmarks, passwords and browsing history. Account Recovery addresses this issue and ensures that users can keep their encryption keys and not lose any data at all.
How does it work?
All recent versions of Firefox browser have Firefox Accounts. Data such as passwords, browsing history, open tabs, bookmarks, installed add-ons, etc., that are associated with an account are saved through Firefox Sync.
Sync encrypts the user’s browser data on a local computer by using Firefox account password. It then sends this encrypted data to Mozilla’s servers for storage making sure that no one can access it without the user’s password (which acts as a decryption key here).
But there are cases where the user loses the device, or it is stolen. Even after installing Firefox on a new device, the previous browser data can be downloaded and decrypted without the Firefox account password.
This is where the “recovery key” feature for Firefox Accounts steps in. Whenever a user forgets the Firefox account password, this key acts as a secondary decryption key for their data.
The Firefox recovery key works like recovery codes during two-factor authentication setup. However, Firefox users will have to write them down somewhere else or store somewhere online or offline preferably on a secondary device.
You can check out more instructions on how to generate recovery keys for Firefox account from this support page.