Mozilla Persona Beta launched

Martin Brinkmann
Sep 27, 2012
Updated • Sep 27, 2012
Development, Security
|
8

Mozilla Persona, formerly known as BrowserID and not to be confused with the theme switching feature Personas, is Mozilla's attempt to change how users sign up and log in on the Internet. When you log in on today's Internet, you usually need to supply a username and a password to the website you want to sign in to which you have selected during sign up. Sometimes, you may even need to supply more than that, for instance if you have activated 2-step authentication if the service is offering that.

So, how is Persona changing how we log in on the Internet? It centers around an email address and a single password that you use to create the Persona account on the official web page. Once done, you can use the sign up or log in forms on websites that support Mozilla Persona to sign in effortlessly.

Instead of having to go through a lengthy sign up process, selecting a random strong password, verifying your email address and all that, you simply select the Persona account that you want to use for the site.

You then in the second step decide whether you want to remain signed in for the session or one month. The first is the suggested behavior when you are not working on your own computer, the second when you work on a computer that you trust.

How is that different from services like Last Pass? First, you skip the sign up process, which you have to complete when you sign up on a site with the online password manager. Second, you are not limited to compatible devices or browsers, as Mozilla Persona should work in all modern web browsers regardless of whether they are running on a desktop PC, tablet or smartphone. Third, you do not need to select a password for each site you sign up with, as everything is handled by the Mozilla Persona account.

The biggest issue without doubt is that sites need to support Mozilla Persona for you to use it. This means that you - for some time to come - will be using Persona and regular passwords side by side. A list of sites supporting Mozilla Persona is not available yet, which is another issue that you will run into.

The idea, as interesting as it may be, depends solely on the adoption of the system on important Internet sites. Web developers can check out the documentation over at the Mozilla website.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Anonymous said on September 28, 2012 at 11:23 am
    Reply

    nothing beats ghacks. you don’t even have to use a username!

  2. ilev said on September 28, 2012 at 7:41 am
    Reply

    One password to rule them all ? If that password is hacked, and it will be, than
    all your data is at risk.

    1. Martin Brinkmann said on September 28, 2012 at 8:01 am
      Reply

      Exactly like your master password if you are using LastPass.

      1. ilev said on September 28, 2012 at 8:49 am
        Reply

        I have no fate in any cloud/remote serve to to securely manage my password.

        Just to remind you the latest IEEE.org user/password hack.

        …The username and passwords of nearly 100,000 members of the IEEE where left in plain text on a publicly available FTP server for a month before being discovered last week by a teaching assistant in the computer science department at the University of Copenhagen….

        In addition, 100GB of web server log files from the ieee.org and spectrum.ieee.org Web sites were publicly available because administrators failed to set access controls. The logs showed 376 million HTTP requests, with 411,308 including both usernames and passwords.

        The compromised accounts belonged mostly to Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other universities and organizations….

        http://www.zdnet.com/ieee-mum-on-publicly-exposing-100k-plain-text-names-passwords-7000004801/

  3. ACow said on September 28, 2012 at 1:31 am
    Reply

    Let’s just hope these universal authenticators never become the norm. There’s a reason why you (should) have different passwords for every website/service.

  4. Sina said on September 27, 2012 at 9:46 pm
    Reply

    Thanks Martin. I’ve 2 quick questions (Martin or Anyone):

    1. I signed up about a year ago, but never seen any website that used it. Do you know any popular website that implemented this feature ?

    2. How is it different with OpenID system ? Any big different that makes sense ?

    1. Martin Brinkmann said on September 27, 2012 at 11:06 pm
      Reply

      There is no list. The about page lists three web pages that use the feature, but that is all I know as well. I think I read somewhere that they want to implement it on Mozilla.org, but can’t find a source right now.

      https://login.persona.org/about

      OpenID uses a similar technique. I never really looked at the implementation though and can’t therefor say anything about the differences of the two systems. Maybe someone else who did can do that.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.