Mozilla BrowserID, Sign-In System
Much of the content on the Internet requires a user account before it can be accessed and used. For users, this means creating an account by entering one of their email addresses and selecting a password, a username and maybe some other information. They often get a confirmation email with a link that they have to load to verify the sign-up. Once that is done they can log into the service or system. This feels redundant considering that users have to repeat the very same process for all the sites that require an account.
We have seen services in the past that try to tackle the issue with a global ID. OpenID is one of those services. You basically create a single account at OpenID and can use the account information to sign in on sites that support the technology.
Mozilla has now introduced their own service, called BrowserID. The technology has been designed to work with all browsers and mobile devices. Users benefit from a streamlined process. They only have to verify their email address once before they can use BrowserID to sign into any website supporting BrowserID with two clicks.
BrowserID displays a popup window when a user clicks on Sign In on a website that supports it. If the user is logged into BrowserID, all email addresses associated with the account are displayed. All it takes to sign in is to select one, or use the default selection, and click the Sign In button in the window afterwards. A password does not need to be entered anymore.
Mozilla has published a short tutorial for web developers who want to implement BrowserID on their websites and services. The tutorial is available here on the BrowserID website. There is also a short guide that describes the BrowserID technology.
A blog post over at Mozilla summarizes the benefits of the technology:
- Easy to use: Users sign up once and can use BrowserID on any website supporting it. They save time and get the same login experience on all of those sites.
- Secure: Uses the verified email protocol. Public key cryptography is used to verify account ownership.
- Cross-Browser: Works on all modern browsers.
- Future browser support
- Respects Privacy: Does not leak back information to a server about the sites a user visits.
The project is experimental in its current stage. Plans are to integrate the feature into the Firefox web browser at a later point in time.
It is too early to tell if BrowserID will take off in the future. It might if Mozilla succeeds in implementing BrowserID into the Firefox browser natively.
What's your take on it?
A welcome step from Mozilla indeed, but the real question is: is it fail-safe from an attacker?
Can it be exploited? The questions may sound cynical but it's the only way to be sure about this BrowserID security’s true efficiency.
Fail-safe? Is any login system fail-safe? It only has to be as hackproof as the commonly used methods now.
With all due respect, that’s where your assertion is wrong. Haven’t you heard of two-factor authentication?
Gmail does it with your cellphone. That’s ‘hackproof’, at least for me (don’t know about others).
For me, it doesn't look different in any way (besides deeper integration with the browser; Firefox only, I assume?) than OpenID and OAuth.
I'm using Firefox Sync (since Weave) and the Secure Login extension and I'm completely satisfied.
And no, I'm not as excited as you guys.