Mozilla Releases Beta of Password-free Log-in System

[Guest]

Mozilla today released the first public beta version of Persona, a decentralized authentication system for the web that is maintained by Mozilla.

Mozilla Releases Beta of Password-free Log-in System : Read more

 

[sun-devil99]

Sounds like a security risk to me. Putting all your eggs in one basket.

 

[joytech22]

[citation][nom]sun-devil99[/nom]Putting all your eggs in one basket.[/citation]
Well virtually everything that simplifies your technological life is the same as putting all your eggs in one basket.

Same can be said for Underpants (if your a man), Vulnerable at all times to attack just like a cloud service.

 

[A Bad Day]

How will the system work? One master password?

ASUS tried an optional non-password software that takes a picture of you using the webcam. The problem was that it could be bypassed by simply holding up a picture of you to the webcam.

I uninstalled that shovelware junk the day my laptop was mailed in.

 

[Guest]

This is relatively new and in beta so there might be some vulnerabilities that could be exploited.

I would just wait for a a while or not use it at all.

 

[Mysteoa]

Adobe have to fix their broken Flash, the problem is not in FF.

 

[Pherule]

Google, Facebook, and other major players are already doing this. You go to some random website and you're about to comment somewhere, when you realize that your comment will be posted with your Google ID instead of as "Guest" or "Anonymous".

No thanks.

This is why I have a different username & password for each individual site I use, and I have somewhat extreme anti-tracking and security extensions in place.

 

[Onus]

This sounds something like a cloud version of Norton's "Identity Safe." You sign in once, then it fills in your passwords for you. Everything is stored locally. It isn't perfect, but it actually works pretty well most of the time. And, being managed locally, your authentication information is [relatively] safe.
This new service, however, with data in the "cloud," is large-scale identity theft just waiting to happen. When it becomes possible to vote online, this system will be used to rig elections; for sale to the highest bidder.

 

[Vorador2]

There's several systems similar to this. OpenID for example...

People prefer convenience to security in mosts cases (i've seen way too many people having their users and passwords for several services on a plain text file in the desktop!!).

Personally i prefer using KeePass.

 

[WyomingKnott]

One giant Kerberos system?

 

[azeemtahir]

There we go... I think slowly and gradually, they are increasing global surveillance and control of YOUR information and YOUR identity all in the name of convenience. All the comments above have plenty of sense. I just wonder where we're really headed from here on out with all this convenient-technological-advancement-integration crap?!!?!?!? One day, this all might just blow out of proportion. And we're already having Anonymous-Lulz out there... We'll be left with just LOLs and ROFLs after some more episodes - talk about not just a LinkedIn or Sony store breach, but a theft of all your information-under-one-roof, and a mental breakdown that will follow after... The more 'advanced' we're getting, calls in for more gaps that need to be filled. Obviously the pros here would be the last to bite the bullet.

EDIT: not funny as it is though, had trouble posting this comment here... problem logging in. Guess I'm in, Mozilla Dinos! Lol!

 

[gm0n3y]

The safest way is to just have your passwords listed in a random file on your computer. Its open if your computer is compromised, so just name it something innocuous and don't leave it on your desktop or in my documents.

[rant]
Alternatively, you can do what I do at work and just list all of your passwords for the company servers on a sheet of paper tacked onto the wall of my cubicle. It might piss IT off, but it pisses me off to have to remember passwords on over 20 different machines that change every 30 days, have to be 10+ characters with a number and symbol and you can't use the same password twice. Sure that works fine for my manager who only uses his personal machine, but for someone that has multiple web server clusters, database clusters, file servers, and multiple test vms for each of those it is insane. Oh and if I get a password wrong 3 times I am locked out of that machine until I contact IT, who will take minimum 24 hours to get back to me.
[/rant]

Not that I'm bitter or anything.

 

[cookoy]

if security is important then i'd rather take extra effort to remember and keyin the password myself

 

[WyomingKnott]

...to have to remember passwords on over 20 different machines that change every 30 days, have to be 10+ characters with a number and symbol and you can't use the same password twice.

Have you tried password "salting?" I think it works like this: You have a core part of the password that you change every 30 days, plus each machine has a section that is derived from the name of the machine (first 4 and last 2 letters, last part of IP address, whatever you can figure out easily each time).

So your password to machine X is "coRepas$3MACHX", and your password on thingy Y is "coRepas$3THINY."

Would that help at all?