Mozilla Releases Beta of Password-free Log-in System

By Wolfgang Gruener
published

Mozilla today released the first public beta version of Persona, a decentralized authentication system for the web that is maintained by Mozilla.

Designed as an alternative to OpenID or OAuth, Mozilla says that it is making the technology available to eliminate the need to remeber passwords for a number of sites. Persona is offered free of charge around the world. In this beta version, the technology already supports 25 languages.

The sign-up process consists of the user's email address and password and is done in less than a minute at https://login.persona.org.

Supported browsers include Internet Explorer 8 and 9, as well as the latest stable releases of Firefox, Chrome, Safari and Opera on the desktop; Mobile Safari on iOS 5.x and up; as well as Android's default browser 2.x and up; Chrome and Mozilla. Browsers that are explicitly not supported include IE 6 and 7, Google Chrome Frame, as well as third party browsers on iOS.

To work properly, browsers will eventually have to support Mozilla's navigator.id API. Until that happens, Mozilla is offering an implementation that can be used to work in all browsers mentioned above: Webmasters will have to use the https://login.persona.org/include.js file to start using Persona until native integrations of the API are available.

Websites that begin using an integration of Persona can also take advantage of a capability to integrate a fall-back ID provider, should the login of their users fail.

Wolfgang Gruener
13 Comments Comment from the forums
  • sun-devil99
    Sounds like a security risk to me. Putting all your eggs in one basket.
    Reply
  • joytech22
    sun-devil99Putting all your eggs in one basket.Well virtually everything that simplifies your technological life is the same as putting all your eggs in one basket.

    Same can be said for Underpants (if your a man), Vulnerable at all times to attack just like a cloud service.
    Reply
  • A Bad Day
    How will the system work? One master password?

    ASUS tried an optional non-password software that takes a picture of you using the webcam. The problem was that it could be bypassed by simply holding up a picture of you to the webcam.

    I uninstalled that shovelware junk the day my laptop was mailed in.
    Reply
  • This is relatively new and in beta so there might be some vulnerabilities that could be exploited.

    I would just wait for a a while or not use it at all.
    Reply
  • Mysteoa
    Adobe have to fix their broken Flash, the problem is not in FF.
    Reply
  • Pherule
    Google, Facebook, and other major players are already doing this. You go to some random website and you're about to comment somewhere, when you realize that your comment will be posted with your Google ID instead of as "Guest" or "Anonymous".

    No thanks.

    This is why I have a different username & password for each individual site I use, and I have somewhat extreme anti-tracking and security extensions in place.
    Reply
  • Onus
    This sounds something like a cloud version of Norton's "Identity Safe." You sign in once, then it fills in your passwords for you. Everything is stored locally. It isn't perfect, but it actually works pretty well most of the time. And, being managed locally, your authentication information is safe.
    This new service, however, with data in the "cloud," is large-scale identity theft just waiting to happen. When it becomes possible to vote online, this system will be used to rig elections; for sale to the highest bidder.
    Reply
  • Vorador2
    There's several systems similar to this. OpenID for example...

    People prefer convenience to security in mosts cases (i've seen way too many people having their users and passwords for several services on a plain text file in the desktop!!).

    Personally i prefer using KeePass.
    Reply
  • WyomingKnott
    One giant Kerberos system?
    Reply
  • azeemtahir
    There we go... I think slowly and gradually, they are increasing global surveillance and control of YOUR information and YOUR identity all in the name of convenience. All the comments above have plenty of sense. I just wonder where we're really headed from here on out with all this convenient-technological-advancement-integration crap?!!?!?!? One day, this all might just blow out of proportion. And we're already having Anonymous-Lulz out there... We'll be left with just LOLs and ROFLs after some more episodes - talk about not just a LinkedIn or Sony store breach, but a theft of all your information-under-one-roof, and a mental breakdown that will follow after... The more 'advanced' we're getting, calls in for more gaps that need to be filled. Obviously the pros here would be the last to bite the bullet.

    EDIT: not funny as it is though, had trouble posting this comment here... problem logging in. Guess I'm in, Mozilla Dinos! Lol!
    Reply