Mozilla Releases Beta of Password-free Log-in System
Mozilla today released the first public beta version of Persona, a decentralized authentication system for the web that is maintained by Mozilla.
Designed as an alternative to OpenID or OAuth, Mozilla says that it is making the technology available to eliminate the need to remeber passwords for a number of sites. Persona is offered free of charge around the world. In this beta version, the technology already supports 25 languages.
The sign-up process consists of the user's email address and password and is done in less than a minute at https://login.persona.org.
Supported browsers include Internet Explorer 8 and 9, as well as the latest stable releases of Firefox, Chrome, Safari and Opera on the desktop; Mobile Safari on iOS 5.x and up; as well as Android's default browser 2.x and up; Chrome and Mozilla. Browsers that are explicitly not supported include IE 6 and 7, Google Chrome Frame, as well as third party browsers on iOS.
To work properly, browsers will eventually have to support Mozilla's navigator.id API. Until that happens, Mozilla is offering an implementation that can be used to work in all browsers mentioned above: Webmasters will have to use the https://login.persona.org/include.js file to start using Persona until native integrations of the API are available.
Websites that begin using an integration of Persona can also take advantage of a capability to integrate a fall-back ID provider, should the login of their users fail.
Well virtually everything that simplifies your technological life is the same as putting all your eggs in one basket.
Same can be said for Underpants (if your a man), Vulnerable at all times to attack just like a cloud service.
ASUS tried an optional non-password software that takes a picture of you using the webcam. The problem was that it could be bypassed by simply holding up a picture of you to the webcam.
I uninstalled that shovelware junk the day my laptop was mailed in.
I would just wait for a a while or not use it at all.
No thanks.
This is why I have a different username & password for each individual site I use, and I have somewhat extreme anti-tracking and security extensions in place.
This new service, however, with data in the "cloud," is large-scale identity theft just waiting to happen. When it becomes possible to vote online, this system will be used to rig elections; for sale to the highest bidder.
People prefer convenience to security in mosts cases (i've seen way too many people having their users and passwords for several services on a plain text file in the desktop!!).
Personally i prefer using KeePass.
EDIT: not funny as it is though, had trouble posting this comment here... problem logging in. Guess I'm in, Mozilla Dinos! Lol!
[rant]
Alternatively, you can do what I do at work and just list all of your passwords for the company servers on a sheet of paper tacked onto the wall of my cubicle. It might piss IT off, but it pisses me off to have to remember passwords on over 20 different machines that change every 30 days, have to be 10+ characters with a number and symbol and you can't use the same password twice. Sure that works fine for my manager who only uses his personal machine, but for someone that has multiple web server clusters, database clusters, file servers, and multiple test vms for each of those it is insane. Oh and if I get a password wrong 3 times I am locked out of that machine until I contact IT, who will take minimum 24 hours to get back to me.
[/rant]
Not that I'm bitter or anything.
Have you tried password "salting?" I think it works like this: You have a core part of the password that you change every 30 days, plus each machine has a section that is derived from the name of the machine (first 4 and last 2 letters, last part of IP address, whatever you can figure out easily each time).
So your password to machine X is "coRepas$3MACHX", and your password on thingy Y is "coRepas$3THINY."
Would that help at all?