Mozilla Persona - One Password For All Sites
Written by Lucy Black   
Friday, 28 September 2012

Persona, Mozilla's attempt to eliminate site specific passwords on the Web has now entered Beta.

Mozilla has been working on its experimental login system for over a year.

The result is a completely decentralized and, hopefully, secure authentication system for the web based on the open BrowserID protocol. Over the course of its evolution, it has changed its name from BrowserID to Persona and changed its JavaScript API.

The new Observer API introduces an improved post-verification experience for first-time users, automatic persistent logins, and easier integration with native applications and is the one that the Mozilla Identity team is now committed to as the product enters its Beta phase.

An important feature recently added to Observer API is the ability for websites that use Persona to add their name and logo to the login screen.




Persona aims to overcome the problem of users having to create and remember a new password for every site they use. It uses email addresses as identities, together with a specific Persona password of between 8 and 80 characters. In principle the email provider has to become the Identity Provider (IdP) but if this is not the case Persona provides a fallback IdP. 

It doesn't require users' real names (which is something Facebook and Google+ insist on limiting users to a single account) and so allows users to keep their work, home, school, and other identities separate. Users can uses as many email addresses as they want with a single password.

From the developer's point of view the benefits of using email addresses are that it provides a direct means of contacting users, it eliminates the need for additional post-signup forms and, as many login systems already treat email addresses as unique keys, it can be deployed alongside existing login systems. It also provides verified email addresses to each site.

Anyone with an email address can sign in to sites using Persona. Also as email can be self-hosted or delegated to other providers, this gives users control of their identity.

Persona's approach to protecting user identity is to put the user's browser in the middle of the authentication process: the browser obtains credentials from the user's email provider, and then turns around and presents those credentials to a website. The email provider can't track the user, but websites can still be confident in the user's identity by cryptographically verifying the credentials.

Persona works with most popular browsers. For the desktop it supports  IE 8.0 and 9.0 (but not IE 6.0 and 7.0); the  current and previous stable release of Firefox, plus Aurora, Nightly and Extended Support releases; and the latest stable releases of Chrome, Safari and Opera. For smartphones it supports Mobile Safari for iOS5.x - 6.x and Andriods default browsers for 2.x - 4.x, Android Firefox and Chrome.


Persona is also interesting by virture of being Mozilla‚Äôs first serious node.js-based service. 


More Information


Identity at Mozilla

Related Articles

OpenID - the Webmaster's tale

Getting Started with Node.js


raspberry pi books



or email your comment to:


To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.



Zilliz Cloud Adds Range Search

The Zilliz Cloud database developers have added new features to Zilliz Cloud, including range search, multi-tenancy & RBAC, and up to ten times improved search and indexing performance.

CSS Test of Time Award 2023

The ACM CCS Test-of-Time Award honors research with long-lasting influence, which have had significant impacts on systems security and privacy. The 2023 award in respect of a paper by Marten van Dijk  [ ... ]

More News

Last Updated ( Friday, 09 August 2013 )