Mozilla Persona Beta launched
Mozilla Persona, formerly known as BrowserID and not to be confused with the theme switching feature Personas, is Mozilla's attempt to change how users sign up and log in on the Internet. When you log in on today's Internet, you usually need to supply a username and a password to the website you want to sign in to which you have selected during sign up. Sometimes, you may even need to supply more than that, for instance if you have activated 2-step authentication if the service is offering that.
So, how is Persona changing how we log in on the Internet? It centers around an email address and a single password that you use to create the Persona account on the official web page. Once done, you can use the sign up or log in forms on websites that support Mozilla Persona to sign in effortlessly.
Instead of having to go through a lengthy sign up process, selecting a random strong password, verifying your email address and all that, you simply select the Persona account that you want to use for the site.
You then in the second step decide whether you want to remain signed in for the session or one month. The first is the suggested behavior when you are not working on your own computer, the second when you work on a computer that you trust.
How is that different from services like Last Pass? First, you skip the sign up process, which you have to complete when you sign up on a site with the online password manager. Second, you are not limited to compatible devices or browsers, as Mozilla Persona should work in all modern web browsers regardless of whether they are running on a desktop PC, tablet or smartphone. Third, you do not need to select a password for each site you sign up with, as everything is handled by the Mozilla Persona account.
The biggest issue without doubt is that sites need to support Mozilla Persona for you to use it. This means that you - for some time to come - will be using Persona and regular passwords side by side. A list of sites supporting Mozilla Persona is not available yet, which is another issue that you will run into.
The idea, as interesting as it may be, depends solely on the adoption of the system on important Internet sites. Web developers can check out the documentation over at the Mozilla website.Advertisement
Thanks Martin. I’ve 2 quick questions (Martin or Anyone):
1. I signed up about a year ago, but never seen any website that used it. Do you know any popular website that implemented this feature ?
2. How is it different with OpenID system ? Any big different that makes sense ?
There is no list. The about page lists three web pages that use the feature, but that is all I know as well. I think I read somewhere that they want to implement it on Mozilla.org, but can’t find a source right now.
OpenID uses a similar technique. I never really looked at the implementation though and can’t therefor say anything about the differences of the two systems. Maybe someone else who did can do that.
Let’s just hope these universal authenticators never become the norm. There’s a reason why you (should) have different passwords for every website/service.
One password to rule them all ? If that password is hacked, and it will be, than
all your data is at risk.
Exactly like your master password if you are using LastPass.
I have no fate in any cloud/remote serve to to securely manage my password.
Just to remind you the latest IEEE.org user/password hack.
…The username and passwords of nearly 100,000 members of the IEEE where left in plain text on a publicly available FTP server for a month before being discovered last week by a teaching assistant in the computer science department at the University of Copenhagen….
In addition, 100GB of web server log files from the ieee.org and spectrum.ieee.org Web sites were publicly available because administrators failed to set access controls. The logs showed 376 million HTTP requests, with 411,308 including both usernames and passwords.
The compromised accounts belonged mostly to Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other universities and organizations….
nothing beats ghacks. you don’t even have to use a username!