Mozilla launches its privacy-friendly website login system
Remember Mozilla’s introduction of the BrowserID browser-based system for identifying and authenticating users?
Well, the login system that was created a privacy-friendly alternative to those employed by Google, Facebook and Twitter is now called Persona, and Mozilla has announced its first beta release on Thursday.
Mozilla changed more than just its name – the scheme now has a new API, the first-time user experience has been made easier and faster, the website’s name and logo are present in the login dialog, and there is the possibility to include links to one’s site’s terms of service and privacy policy in order for users to be able to peruse them before login into it.
“These changes have been well received and we’re seeing Persona gain traction outside of Mozilla,” says Dan Callahan, Senior Software Engineer working on the project, and explains that Persona coexists well with existing login systems and only takes a single afternoon to integrate.
“What’s more, because Persona logins are based on email addresses, sites still maintain a direct relationship with their users.”
Apart from being developed by Mozilla, which is a not-for-profit company, Persona is also an open source project to which other developers can contribute to.
Also, Persona is mindful of user privacy, as it doesn’t track the users’ activity around the Web once they have logged in.
“It creates a wall between signing you in and what you do once you’re there. The history of what sites you visit is stored only on your own computer,” Mozilla explains.
But there are still things that have to be fixed in order to make Persona as good a solution as it has the potential to be.
Persona project lead Ben Adida shared with Computerworld that the users’ Persona password can be compromised or stolen, and other users could impersonate them online, but that Mozilla is working on additions that should make this outcome almost impossible: two-factor authentication and session protection mechanisms.
Whether Persona will succeed in supplanting other similar authentication schemes depends on the rate of website adoption and on whether the regular Internet users will actually use it, but its open source nature and respect of user privacy is a great plus.
Persona is currently supported by a slew of desktop and mobile browsers, including the last two versions of IE, Firefox (naturally), Chrome, Safari, iOS, Android’s default browser, and Firefox and Chrome for Android.