Mozilla Persona - One Password For All Sites
Written by Lucy Black   
Friday, 28 September 2012

Persona, Mozilla's attempt to eliminate site specific passwords on the Web has now entered Beta.

Mozilla has been working on its experimental login system for over a year.

The result is a completely decentralized and, hopefully, secure authentication system for the web based on the open BrowserID protocol. Over the course of its evolution, it has changed its name from BrowserID to Persona and changed its JavaScript API.

The new Observer API introduces an improved post-verification experience for first-time users, automatic persistent logins, and easier integration with native applications and is the one that the Mozilla Identity team is now committed to as the product enters its Beta phase.

An important feature recently added to Observer API is the ability for websites that use Persona to add their name and logo to the login screen.

 

persona2

 

Persona aims to overcome the problem of users having to create and remember a new password for every site they use. It uses email addresses as identities, together with a specific Persona password of between 8 and 80 characters. In principle the email provider has to become the Identity Provider (IdP) but if this is not the case Persona provides a fallback IdP. 

It doesn't require users' real names (which is something Facebook and Google+ insist on limiting users to a single account) and so allows users to keep their work, home, school, and other identities separate. Users can uses as many email addresses as they want with a single password.

From the developer's point of view the benefits of using email addresses are that it provides a direct means of contacting users, it eliminates the need for additional post-signup forms and, as many login systems already treat email addresses as unique keys, it can be deployed alongside existing login systems. It also provides verified email addresses to each site.

Anyone with an email address can sign in to sites using Persona. Also as email can be self-hosted or delegated to other providers, this gives users control of their identity.

Persona's approach to protecting user identity is to put the user's browser in the middle of the authentication process: the browser obtains credentials from the user's email provider, and then turns around and presents those credentials to a website. The email provider can't track the user, but websites can still be confident in the user's identity by cryptographically verifying the credentials.

Persona works with most popular browsers. For the desktop it supports  IE 8.0 and 9.0 (but not IE 6.0 and 7.0); the  current and previous stable release of Firefox, plus Aurora, Nightly and Extended Support releases; and the latest stable releases of Chrome, Safari and Opera. For smartphones it supports Mobile Safari for iOS5.x - 6.x and Andriods default browsers for 2.x - 4.x, Android Firefox and Chrome.

 

Persona is also interesting by virture of being Mozilla’s first serious node.js-based service. 

 

More Information

Persona

Identity at Mozilla

Related Articles

OpenID - the Webmaster's tale

Getting Started with Node.js

 

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner


Edgeless Systems Announces Continuum AI
14/03/2024

Edgeless Systems has announced the launch of Continuum, a  security solution that provides cloud-based "Confidential AI" services and enables sharing of sensitive data with chatbots such as ChatG [ ... ]



Azure AI And Pgvector Run Generative AI Directly On Postgres
26/03/2024

It's a match made in heaven. The Azure AI extension enables the database to call into various Azure AI services like Azure OpenAI. Combined with pgvector you can go far beyond full text search. Let's  [ ... ]


More News

Last Updated ( Friday, 09 August 2013 )