September 30, 2012
Persona Single-Password Authentication System Enters Beta
redOrbit Staff & Wire Reports - Your Universe Online
In what will undoubtedly be good news for anyone who struggles to remember the many usernames and passwords required to log into webmail, cloud storage, or social networking accounts, Mozilla has launched the first official beta version of their browser-based identity verification system Persona.
Persona, which Lucian Constantin of IDG News Service says was known as BrowserID when it was initially revealed last July, was created in order to eliminate the need to come up with and remember individual log-in credentials for different websites.
In order to use the service, users must first go to the Persona website and create an account, Constantin said. They are then asked to add one or more email addresses -- however many they use for the various accounts they want to link to Persona -- and create a single password for Mozilla's service. Finally, they are asked to click one link for each email account to verify that they are, in fact, the owner of that account.
"Persona essentially aims to give you a cross-platform, cross-browser way to log into a variety of Web sites with a single username and password -- but without compromising your privacy," explains CNET's Seth Rosenblatt.
According to Rosenblatt, Mozilla claims that the service creates a barrier between "the act of logging you in and whatever you do once you've logged in. This is a notable difference from social-networking services“¦ which track your navigation after you've logged in. Even when not logged in, social-networking site widgets can report back who has visited a site where the widget is embedded."
Rosenblatt said that the verification program currently works on most Windows, Mac, Linux, iOS and Android-based web browsers, and that signing up for an account took him a mere 10 seconds. ZDNet's John Fontana added that the beta version also includes a new application programming interface (API) which adds, among other features, the ability to universally log out from the service from any device.
"Persona offers a secure way to eliminate individual passwords for users while offering developers a simple way to add support and authenticate requests -- think of it as OpenID without the headaches," Webmonkey's Scott Gilbertson said. "It´s part of Mozilla´s effort to tackle online identity management by shifting the focus from individual websites to a decentralized system that sites tab into."
"However," Constantin said, "there are some drawbacks" to Persona -- namely, the fact that if an individual's Persona password becomes compromised, it would give hackers access to all of that user's accounts. Mozilla's Ben Adida, the project head, said that there is currently "no way around this," but pointed out that the company is considering additional security methods in future versions, including two-factor authentication.
"The success of Persona depends heavily on two unknowns: Web site adoption, which requires developers to add yet another login system to their site, and the subsequent adoption by individual netizens," Rosenblatt said. "Mozilla's dedication to openness and privacy certainly set Persona on a competitive track. But some big unknowns remain -- namely, what it will take for Mozilla to make it a success, and then whether the organization can pony up the necessary promotion and development."