Mozilla's Persona Web Authentication System Moves into Beta
Contributed by: Email on 09/28/2012 04:01 PM [ Comments ]
Mozilla is trying to deal a two-fisted blow to the continued use of passwords as an online authenticator, as well as the practice using social media username-password combinations as a persistent login on other sites. Its Persona project has moved into its first beta release promising developers and website users a better and more private authentication experience.
Persona, when integrated into a website, eliminates the need for users to re-enter passwords; a one-time email address is the only authenticator required after an identity is registered.
According to the Mozilla developer site, instead of requiring a password, the users browser will generate cryptographic identity assertion that lasts only a few minutes and works only for one site. This eliminates the need for sites to have to store passwords or losing them to an attacker.
The browser obtains credentials from the user's email provider, and then turns around and presents those credentials to a website. The email provider can't track the user, but websites can still be confident in the user's identity by cryptographically verifying the credentials, the developer site said. Most other systems, even distributed ones like OpenID, require that the sites phone home before allowing a user to log in.
Since it was introduced in July 2011 as BrowserID, Mozilla overhauled the API developers would use to integrate it onto sites, as well as enhanced first time sign-ups to simplify the process for users.
Our goal is simple: We want to eliminate passwords on the Web, Mozillas Ben Adida wrote in a blog post. Adida leads Mozillas identity efforts.
Adida said Persona Beta 1 supports all desktop and mobile browsers and can be deployed quickly, sometimes in as little as 15 minutes.
When you deploy Persona on your website, youre showing respect for your users and their data, he wrote. Youre only asking for the data needed to log them in and users know theyre only sharing exactly whats shown on the screen.
Persona, Mozilla said, affords users the option of not using Facebook, Twitter and other social media log-ins as authenticators and being subject to the website tracking and other privacy implications of doing so. [Persona] is also designed with the Mozilla values in mind, Adida said.
Persona, when integrated into a website, eliminates the need for users to re-enter passwords; a one-time email address is the only authenticator required after an identity is registered.
According to the Mozilla developer site, instead of requiring a password, the users browser will generate cryptographic identity assertion that lasts only a few minutes and works only for one site. This eliminates the need for sites to have to store passwords or losing them to an attacker.
The browser obtains credentials from the user's email provider, and then turns around and presents those credentials to a website. The email provider can't track the user, but websites can still be confident in the user's identity by cryptographically verifying the credentials, the developer site said. Most other systems, even distributed ones like OpenID, require that the sites phone home before allowing a user to log in.
Since it was introduced in July 2011 as BrowserID, Mozilla overhauled the API developers would use to integrate it onto sites, as well as enhanced first time sign-ups to simplify the process for users.
Our goal is simple: We want to eliminate passwords on the Web, Mozillas Ben Adida wrote in a blog post. Adida leads Mozillas identity efforts.
Adida said Persona Beta 1 supports all desktop and mobile browsers and can be deployed quickly, sometimes in as little as 15 minutes.
When you deploy Persona on your website, youre showing respect for your users and their data, he wrote. Youre only asking for the data needed to log them in and users know theyre only sharing exactly whats shown on the screen.
Persona, Mozilla said, affords users the option of not using Facebook, Twitter and other social media log-ins as authenticators and being subject to the website tracking and other privacy implications of doing so. [Persona] is also designed with the Mozilla values in mind, Adida said.
Comments