The other day I echoed recommendations on Hardening Firefox that I got from an article by Keith Axline. Since then, however, I’ve learned two things.
First, Axline has changed his recommendations from HTTPS Everywhere to Smart HTTPS for the reasons given in this thread.
Second, I discovered that when I had Smart Referer on, I wasn’t able to use Google two-factor authentication. Instead, when google asked me to authenticate via my phone, I got timeouts instantly.
Disabling the Smart Referer extension temporarily (which is easy as it creates a button on the toolbar) allowed me to log in, and things seem to work fine if I re-enable Smart Referer immediately after I log in to my Gmail. But that may be more annoyance than most people want, especially given that Google two factor authentication is more annoyance than most people want.
I have been able to pass two-step verification by adding in Options\Exceptions of Smart Referer the line:
Source: accounts.google.com Destination: content.googleapis.com
I hope that the Smart Referer developers include the exception in their whitelist.
Thanks for providing me this comment space to leave my solution 😀