Mozilla Persona - One Password For All Sites
Written by Lucy Black   
Friday, 28 September 2012

Persona, Mozilla's attempt to eliminate site specific passwords on the Web has now entered Beta.

Mozilla has been working on its experimental login system for over a year.

The result is a completely decentralized and, hopefully, secure authentication system for the web based on the open BrowserID protocol. Over the course of its evolution, it has changed its name from BrowserID to Persona and changed its JavaScript API.

The new Observer API introduces an improved post-verification experience for first-time users, automatic persistent logins, and easier integration with native applications and is the one that the Mozilla Identity team is now committed to as the product enters its Beta phase.

An important feature recently added to Observer API is the ability for websites that use Persona to add their name and logo to the login screen.

 

persona2

 

Persona aims to overcome the problem of users having to create and remember a new password for every site they use. It uses email addresses as identities, together with a specific Persona password of between 8 and 80 characters. In principle the email provider has to become the Identity Provider (IdP) but if this is not the case Persona provides a fallback IdP. 

It doesn't require users' real names (which is something Facebook and Google+ insist on limiting users to a single account) and so allows users to keep their work, home, school, and other identities separate. Users can uses as many email addresses as they want with a single password.

From the developer's point of view the benefits of using email addresses are that it provides a direct means of contacting users, it eliminates the need for additional post-signup forms and, as many login systems already treat email addresses as unique keys, it can be deployed alongside existing login systems. It also provides verified email addresses to each site.

Anyone with an email address can sign in to sites using Persona. Also as email can be self-hosted or delegated to other providers, this gives users control of their identity.

Persona's approach to protecting user identity is to put the user's browser in the middle of the authentication process: the browser obtains credentials from the user's email provider, and then turns around and presents those credentials to a website. The email provider can't track the user, but websites can still be confident in the user's identity by cryptographically verifying the credentials.

Persona works with most popular browsers. For the desktop it supports  IE 8.0 and 9.0 (but not IE 6.0 and 7.0); the  current and previous stable release of Firefox, plus Aurora, Nightly and Extended Support releases; and the latest stable releases of Chrome, Safari and Opera. For smartphones it supports Mobile Safari for iOS5.x - 6.x and Andriods default browsers for 2.x - 4.x, Android Firefox and Chrome.

 

Persona is also interesting by virture of being Mozilla’s first serious node.js-based service. 

 

More Information

Persona

Identity at Mozilla

Related Articles

OpenID - the Webmaster's tale

Getting Started with Node.js

 

espbook

 

Comments




or email your comment to: comments@i-programmer.info

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner


Linkerd Adds Egress And Rate Limiting
05/12/2024

Linkerd has announced a new version of its service mesh. It adds three major new features: egress traffic visibility and control; per-service rate limiting; and federated services.



Copilot Improves Code Quality
27/11/2024

Findings from GitHub show that code authored with Copilot has increased functionality and improved readability, is of better quality, and receives higher approval rates than code authored without it.

 [ ... ]


More News

Last Updated ( Friday, 09 August 2013 )