Mozilla: Firefox will start alerting you to recently breached sites
Mozilla brings Firefox Monitor to Firefox on the desktop.
Firefox-maker Mozilla is integrating its recently launched data-breach alert service into Firefox on the desktop.
In September, Mozilla launched Firefox Monitor, which allows users to type in an email address and find out if their details are involved in any of the breaches cataloged on Australian security expert Troy Hunt’s website, Have I Been Pwned (HIBP).
Users can also sign up to Firefox Monitor to receive an email alert the next time their credentials are included in a breach added to HIBP.
There were some questions about how useful Firefox Monitor is, given it doesn’t do much more than Hunt’s own website. Have I Been Pwned visitors can also sign up to be notified if they’re affected by future breaches.
But Firefox Monitor is about to get much wider exposure by way of new data-breach notifications that will appear within the Firefox desktop browser. The feature is rolling out over the next few weeks.
The notifications will appear when Firefox users visit a site that has been breached in the past. The notification prompts the user to ‘Check Firefox Monitor’ website to see whether or not they’ve been affected by that data breach.
According to Mozilla, the browser alert will appear “at most once per site and only for data breaches reported in the previous 12 months”.
Running a data center today, no matter the business, is an exercise in managing and overcoming complexity. In this report, we’ll look at how a strong foundation in both the cloud and internal data centers is empowering organizations to not only get the most out of their IT infrastructure today, but is also preparing them to be able to better take advantage of new technologies already on their way.
Mozilla’s new Firefox Monitor policy is built around two conditions, which are designed to encourage users to address password risks without creating alert fatigue.
If the user has never seen an alert in Firefox before, the browser will only display an alert on sites that have been added to Have I Been Pwned in the past 12 months.
Once the user has seen one alert, Firefox will only show an alert for sites added to Have I Been Pwned in the past two months.
“We believe this 12-month and two-month policy are reasonable timeframes to alert users to both the password-reuse and unchanged-password risks. A longer alert timeframe would help us ensure we make even more users aware of the password-reuse risk,” explained Mozilla privacy engineer Luke Crouch.
“However, we don’t want to alarm users or to create noise by triggering alerts for sites that have long since taken significant steps to protect their users. That noise could decrease the value and usability of an important security feature.”
PREVIOUS AND RELATED COVERAGE
New site Firefox Monitor to act as a passthrough to service operated by security researcher Troy Hunt.
Mozilla’s service can help you decide which passwords need changing.
Researchers reveal a tricky technique that uses a CSS3 feature to let attackers recover Facebook user data.
Tor Browser finally updated to use new-and-improved Firefox Quantum codebase. This includes new Photon UI.
If you use the Firefox browser, you might want to include a handy extension from Avast that helps protect you from phishing and malware sites.