
Mozilla Releases Beta of Password-free Log-in System

Source: Mozilla

Mozilla today released the first public beta version of Persona, a decentralized authentication system for the web that is maintained by Mozilla.

Designed as an alternative to OpenID or OAuth, Persona is being made available, Mozilla says, to eliminate the need to remember passwords for a number of sites. Persona is offered free of charge around the world. In this beta version, the technology already supports 25 languages.

Signing up requires the user's email address and a password and takes less than a minute at https://login.persona.org.

Supported browsers include Internet Explorer 8 and 9, as well as the latest stable releases of Firefox, Chrome, Safari and Opera on the desktop; Mobile Safari on iOS 5.x and up; as well as Android's default browser 2.x and up; Chrome and Mozilla. Browsers that are explicitly not supported include IE 6 and 7, Google Chrome Frame, as well as third party browsers on iOS.

To work properly, browsers will eventually have to support Mozilla's navigator.id API. Until that happens, Mozilla is offering an implementation that works in all of the browsers mentioned above: webmasters will have to include the https://login.persona.org/include.js file to start using Persona until native integrations of the API are available.

Websites that integrate Persona can also configure a fall-back ID provider, should the login of their users fail.
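An added example (not from the article or from Mozilla's code) of how a site might register with `navigator.id`, native or supplied by the include.js shim, and gate session creation on the result of assertion verification. `navigator.id.watch` is Persona's API; `SITE_ORIGIN`, `sendToServer`, `clearSession` and the verification response layout shown are assumptions for illustration.

```javascript
// Added example: relying-party handling of a Persona login (not Mozilla's code).
// SITE_ORIGIN is a constructed value for illustration.
const SITE_ORIGIN = "https://shop.example:443";

// Browser side: register login/logout callbacks with navigator.id, whether it is
// native or provided by the include.js shim. `nav` is passed in so the function
// also runs outside a browser; `sendToServer` and `clearSession` are hypothetical
// callbacks supplied by the site.
function wirePersona(nav, currentUser, sendToServer, clearSession) {
  if (!nav || !nav.id || typeof nav.id.watch !== "function") {
    return false; // no native support and shim not loaded: offer a fallback login
  }
  nav.id.watch({
    loggedInUser: currentUser, // null when the site has no session for this user
    onlogin: (assertion) => sendToServer(assertion),
    onlogout: () => clearSession(),
  });
  return true;
}

// Server side: decide whether a verification response may create a session.
// Assumed response shape: { status, email, audience, expires (ms since epoch), issuer }.
function acceptVerification(resp, nowMs) {
  if (!resp || resp.status !== "okay") return { ok: false, reason: "not-verified" };
  // Compare against a configured constant, never the request's Host header, so an
  // assertion issued for a different site is rejected here.
  if (resp.audience !== SITE_ORIGIN) return { ok: false, reason: "audience-mismatch" };
  if (typeof resp.expires !== "number" || resp.expires <= nowMs) {
    return { ok: false, reason: "expired" };
  }
  if (typeof resp.email !== "string" || !resp.email.includes("@")) {
    return { ok: false, reason: "bad-email" };
  }
  return { ok: true, email: resp.email };
}
```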

  • 12
    sun-devil99 , September 28, 2012 3:34 AM
    Sounds like a security risk to me. Putting all your eggs in one basket.
  • 2
    joytech22 , September 28, 2012 3:53 AM
    sun-devil99: Putting all your eggs in one basket.

    Well virtually everything that simplifies your technological life is the same as putting all your eggs in one basket.

    Same can be said for Underpants (if you're a man), Vulnerable at all times to attack just like a cloud service.
  • 1
    A Bad Day , September 28, 2012 3:55 AM
    How will the system work? One master password?

    ASUS tried an optional non-password software that takes a picture of you using the webcam. The problem was that it could be bypassed by simply holding up a picture of you to the webcam.

    I uninstalled that shovelware junk the day my laptop was mailed in.
  • 3
    Anonymous , September 28, 2012 4:57 AM
    This is relatively new and in beta so there might be some vulnerabilities that could be exploited.

    I would just wait for a while or not use it at all.
  • 2
    Mysteoa , September 28, 2012 6:34 AM
    Adobe have to fix their broken Flash, the problem is not in FF.
  • 1
    Pherule , September 28, 2012 9:59 AM
    Google, Facebook, and other major players are already doing this. You go to some random website and you're about to comment somewhere, when you realize that your comment will be posted with your Google ID instead of as "Guest" or "Anonymous".

    No thanks.

    This is why I have a different username & password for each individual site I use, and I have somewhat extreme anti-tracking and security extensions in place.
  • 0
    Onus , September 28, 2012 11:22 AM
    This sounds something like a cloud version of Norton's "Identity Safe." You sign in once, then it fills in your passwords for you. Everything is stored locally. It isn't perfect, but it actually works pretty well most of the time. And, being managed locally, your authentication information is [relatively] safe.
    This new service, however, with data in the "cloud," is large-scale identity theft just waiting to happen. When it becomes possible to vote online, this system will be used to rig elections; for sale to the highest bidder.
  • 1
    Vorador2 , September 28, 2012 11:24 AM
    There's several systems similar to this. OpenID for example...

    People prefer convenience to security in most cases (I've seen way too many people having their users and passwords for several services on a plain text file in the desktop!!).

    Personally I prefer using KeePass.
  • -1
    WyomingKnott , September 28, 2012 4:04 PM
    One giant Kerberos system?
  • -1
    azeemtahir , September 28, 2012 5:33 PM
    There we go... I think slowly and gradually, they are increasing global surveillance and control of YOUR information and YOUR identity all in the name of convenience. All the comments above have plenty of sense. I just wonder where we're really headed from here on out with all this convenient-technological-advancement-integration crap?!!?!?!? One day, this all might just blow out of proportion. And we're already having Anonymous-Lulz out there... We'll be left with just LOLs and ROFLs after some more episodes - talk about not just a LinkedIn or Sony store breach, but a theft of all your information-under-one-roof, and a mental breakdown that will follow after... The more 'advanced' we're getting, calls in for more gaps that need to be filled. Obviously the pros here would be the last to bite the bullet.

    EDIT: not funny as it is though, had trouble posting this comment here... problem logging in. Guess I'm in, Mozilla Dinos! Lol!
  • -1
    gm0n3y , September 28, 2012 7:20 PM
    The safest way is to just have your passwords listed in a random file on your computer. It's open if your computer is compromised, so just name it something innocuous and don't leave it on your desktop or in my documents.

    [rant]
    Alternatively, you can do what I do at work and just list all of your passwords for the company servers on a sheet of paper tacked onto the wall of my cubicle. It might piss IT off, but it pisses me off to have to remember passwords on over 20 different machines that change every 30 days, have to be 10+ characters with a number and symbol and you can't use the same password twice. Sure that works fine for my manager who only uses his personal machine, but for someone that has multiple web server clusters, database clusters, file servers, and multiple test vms for each of those it is insane. Oh and if I get a password wrong 3 times I am locked out of that machine until I contact IT, who will take minimum 24 hours to get back to me.
    [/rant]

    Not that I'm bitter or anything.
  • 0
    cookoy , September 28, 2012 7:40 PM
    If security is important then I'd rather take extra effort to remember and key in the password myself.
  • 1
    WyomingKnott , September 28, 2012 8:24 PM
    Quote:
    ...to have to remember passwords on over 20 different machines that change every 30 days, have to be 10+ characters with a number and symbol and you can't use the same password twice.

    Have you tried password "salting?" I think it works like this: You have a core part of the password that you change every 30 days, plus each machine has a section that is derived from the name of the machine (first 4 and last 2 letters, last part of IP address, whatever you can figure out easily each time).

    So your password to machine X is "coRepas$3MACHX", and your password on thingy Y is "coRepas$3THINY."

    Would that help at all?