Mozilla PersonaMozilla is trying to deal a two-fisted blow to the continued use of passwords as an online authenticator, as well as the practice using social media username-password combinations as a persistent login on other sites. Its Persona project has moved into its first beta release promising developers and website users a better and more private authentication experience.

Persona, when integrated into a website, eliminates the need for users to re-enter passwords; a one-time email address is the only authenticator required after an identity is registered.

According to the Mozilla developer site, instead of requiring a password, the user’s browser will generate cryptographic identity assertion that lasts only a few minutes and works only for one site. This eliminates the need for sites to have to store passwords or losing them to an attacker.

“The browser obtains credentials from the user’s email provider, and then turns around and presents those credentials to a website. The email provider can’t track the user, but websites can still be confident in the user’s identity by cryptographically verifying the credentials,” the developer site said. “Most other systems, even distributed ones like OpenID, require that the sites ‘phone home’ before allowing a user to log in.”

Since it was introduced in July 2011 as BrowserID, Mozilla overhauled the API developers would use to integrate it onto sites, as well as enhanced first time sign-ups to simplify the process for users.

“Our goal is simple: We want to eliminate passwords on the Web,” Mozilla’s Ben Adida wrote in a blog post. Adida leads Mozilla’s identity efforts.

Adida said Persona Beta 1 supports all desktop and mobile browsers and can be deployed quickly, sometimes in as little as 15 minutes.

“When you deploy Persona on your website, you’re showing respect for your users and their data,” he wrote. “You’re only asking for the data needed to log them in and users know they’re only  sharing exactly what’s shown on the screen.”

Persona, Mozilla said, affords users the option of not using Facebook, Twitter and other social media log-ins as authenticators and being subject to the website tracking and other privacy implications of doing so. “[Persona] is also designed with the Mozilla values in mind,” Adida said.

Categories: Web Security

Comments (4)

  1. Anonymous

    And when I use my friends computer to go to my sites? And when my fabulous windows OS farts its kernel out the exhaust fan? And what about Android? You know, that little green robot , as in Googles MASSIVE data mining “BOT”? Just three that pop up quickly.

    How long before this is compromised? It’s most likely already mapped, stacked, and completely hacked before it’s realeased… Why does it seem like all the real talent in in the scumbag camp?

    Nothing new under the sun. 11:59.59 PM

  2. Anonymous

    “The browser obtains credentials from the user’s email provider, and then turns around and presents those credentials to a website.”

    (You can probably switch which account it auths to meaning you can use any computer..)

    When your OS dies you can probably just re-install Firefox on the new OS.. It’s not like your e-mail is on your PC.

    Who knows about Droid.. And who cares? Step 1 first then Step 2 then …

    Security — How long before anything is compromised? Saying something is most likely hacked, stacked blah blah blah it’s really being quite ignorant of the technology behind the scenes. Sure.. it could be released compromised.. but so can anything.

    As for your talent comment.. I have no clue what you even mean.

  3. Anonymous

    Personally, I am GRATEFUL for all the Computer Bunnies (read WHIZZES) at Mozilla.  I am so computer challenged, that if it weren’t for these folks, they’d have to pipe sunlight to me every third Thursday!  Bless ’em all for the things they do to try and make using the internet & the web better for all of us!

  4. Anonymous

    Throughout recorded history the simple solutions very often turn out to be the best solutions.

    “Persona” may only be simple to the end point user but that is what drives we bunnies to keep spinning across the Inter-chaos. Hooray for the Mozilla team.

Comments are closed.