Mozilla to run Firefox Monitor study in the US

Mozilla revealed today that it plans to run a Shield Study in the United States to get data on a new feature that it calls Firefox Monitor.

Firefox Monitor is a security tool that gives Firefox users the option to check whether their accounts have been compromised.

It is a web service first and foremost that accepts email addresses to find out if they have been included in leaked breach databases. Mozilla's implementation lists information about the type of breach and data that was exposed.

Visitors to the Firefox Monitor website will be able to check (by entering an email address) to see if their accounts were included in known data breaches, with details on sites and other sources of breaches and the types of personal data exposed in each breach.

Firefox Monitor may get options to sign up for alerts so that you are informed when an email address is found in new leaks.

The service uses Have I Been Pwned as the backend for the functionality and it updates Mozilla's plan to add breach warnings to Firefox.

The organization plans to inform Firefox users if a site was hacked in the past. The feature would allow you to type an email address in the notification prompt to check whether that email address was included in the leak.

Mozilla implemented the email checks in a private-by-design way. The organization implemented a method of "anonymized data sharing for Firefox Monitor" which in essence means that the full email address is never submitted to third-parties. Users who are interested in the technical side of the implementation can read up on it on the Mozilla Security Blog.

Firefox Monitor will be rolled out as a Shield Study to about 250000 users that Mozilla will invited in the United States in the next week. Whether the feature will land in Firefox at one point depends on the study and other data.

Mozilla plans to display security advise on the Firefox Monitor page to provide users with instructions on securing online accounts. The site lists six tips to improve the security of accounts and it is sound advise.

1. Use a different password for every account.
2. Create strong passwords.
3. Make strong security questions (or don't answer them truthfully)
4. Use a password manager.
5. Use two-factor authentication.
6. Sign up for alerts from Firefox Monitor.

Closing Words

Firefox Monitor is an interesting security feature that could attract some users. While you may visit the Have I Been Pwned website directly to find out whether an email address was found in leaked databases, Mozilla's implementation makes things a bit more comfortable thanks to direct integration in the browser.

Now You: What is your take on Firefox Monitor?