April 9, 2013
Firefox Aims To Kill Passwords With New ‘Persona’ Feature
Michael Harper for redOrbit.com — Your Universe Online
Online safety is a matter of balancing convenience and security. To get more of one, you almost inevitably have to sacrifice a bit of the other. However, Mozilla is working to give its Firefox users the luxury of having both with their new feature called Persona. Web programmers can install the Persona protocol and begin offering this service to Firefox users soon, and Mozilla shipped Persona Beta 2 today along with new Do Not Track features.
Mozilla claims their new Persona feature is meant to “eliminate passwords on the web.” One of the most interesting and innovative features of Persona is called “Identity Bridging,” which uses a known and trusted identity to log in to other sites and services. For example, Mozilla is highlighting yahoo.com as a common login which may be used elsewhere. A Firefox user with a Yahoo account can use this login information to log into other sites with Persona built in. This way, users only need to know one login and password combination rather than keep a running tally of several passwords or use another password storage service.
Over the past 12 months there have been numerous attacks and hacks against various online services, thus highlighting the importance of keeping multiple secure passwords. With Persona, Mozilla hopes to offer the same level of security with the convenience of remembering only one email login and password.
According to a company blog post, this feature doesn´t only benefit the users, it also benefits other web services.
“Websites that use Persona benefit from this improvement immediately: hundreds of millions of Web users are now ready to log in with just a few clicks,” reads the company blog, written by user Benadida.
“Users have complete choice and a simple flow: click one login button and select your preferred email address. Identity Bridging kicks in dynamically based on the user´s chosen email address.”
Mozilla also lists a few websites that have already built Persona into their offerings, including the Born This Way Foundation and the Eclipse Foundation.
As a non-profit organization, Mozilla is also opening up the codebase for perusal and implementation.
The Mozilla Hacks blog explains how Persona and Identity Bridge work. According to this blog, Identity Bridge works by connecting the OpenID or OAuth authentication protocols with one common email login.
Mozilla is slowly starting to roll this service out to programmers and is starting small with Yahoo.com email addresses. As more sites begin to use the service, they´ll begin allowing other email users the ability to take advantage of the feature.
“Identity Bridging keeps the sites a user visits out of the purview of their identity provider,” says the company in their hacks blog.
“This is one of those rare and wonderful cases where we can improve both usability and security at the same time!”
Persona is now available in the latest beta release of Firefox 21. Also available in this beta version is a new Do Not Track header. With this beta build, users are now given three options when it comes to allowing tracking online: Do Not Track, Tracking Is Ok, or nothing.
In addition to choosing whether advertisers should be allowed to track, Firefox now gives users the chance to wash their hands of the entire debate and remove any Do Not Track signal in any iteration.