Forget Passwords, Get Mozilla’s Persona
Is your head spinning with all the usernames and passwords you’ve created for yourself online? If so, the new web identity system from Mozilla, the creater of the Firefox web browser, might be able to help.
Mozilla’s Persona, a Beta 2 version of which was released this week, allows you to sign in to different websites and devices using an email address of your choice, rather than a site-specific or device-specific username and password.
And if you’re thinking that Persona sounds an awful lot like the Facebook and Twitter “one-click” login systems- which serve a similar purpose but often end up broadcasting information like your recent purchases to friends- then think again.
In an interview with a Mozilla blogger, Lloyd Hilaiel, the technical lead for Persona, said that the open authentication system resolves the privacy issues associated with the log in systems of social networking sites by decoupling sign in and permission to publish.
“This simple change allows people to express their desires clearly and naturally,” Hilaiel said.
The first version of the Persona system was released last year, but the Beta 2 version contains some added perks, particularly a little thing that Hilaiel calls “identity bridging.” This new version of Persona allows users with a yahoo.com email address to log in to websites with their Yahoo email address and password. And Hilaiel said that users can soon expect to see other email providers supported by Persona.
Moreover, you don’t have to sign up for Persona. Website publishers do that for you. So the next time you visit your favorite password protected website, don’t be surprised if you’re greeted by a Persona login screen.
Ben Adida, Director of Identity for Mozilla, told CNET that verified email addresses and encrypted passwords will be saved on the Mozilla server. This means that the sites that you log in to with Persona never actually see your password.
Adida also commented on two key security features put in place by Mozilla to ensure that user passwords remain protected. To guard against device-theft, Persona contains what Adida calls a “powerful session lockout mechanism,” which automatically logs users out of Persona when they change their email password from another device.
Persona also limits the use of Persona-supported sites to five minutes on unverified devices. So if you log in with Persona from a public computer, you’ll be prompted to re-enter your password every five minutes. No “remember me” button here.
So far, sites using Persona include the Born This Way Foundation, Firebase and the Eclipse Foundation. But the fact that enabling Persona only takes a few lines of code means that other sites are sure to follow.
[See also: Firefox: Download Mozilla’s Latest Web Browser]