Mozilla Forges Ahead with Persona Authentication/Privacy Scheme

by Ostatic Staff - Apr. 12, 2013

Last September, OStatic covered Mozilla's public beta of Persona, a browser-centric system for logging in to online sites that could do away with managing lots of usernames and passwords. This week, Mozilla delivered beta 2 of the authentication scheme, and it's clear the company has very ambitious plans for standardizing Persona all around the world. Mozilla has published a Q&A on how Persona may save time and reduce hassles online.

Persona consists of a series of components that facilitate browser-based authentication using email addresses as credentials. As part of Beta 2, Mozilla announced it would support Persona-based authentication using email addresses. Persona is designed to do away with the login and password-centric methods of authentication used at many sites now, and includes an API that will require buy-in across the Internet for Persona to succeed. 

In a Q&A online with Mozilla's Lloyd Hilaiel, he makes clear that Persona is designed to increase user privacy while reducing hassles:

"Tristan Nitot – For those of us who don’t know what is Persona, can you tell which problem are we trying to solve?

Lloyd – The problem we’re trying to solve is that passwords are terrible. They’re hard to remember, hard to type (especially on your phone), and given user behaviors – they don’t provide nearly as much security as people expect.

Persona is an answer to this problem: an open authentication system for the web that when fully realized will make it so users can safely use the same email address and password to log into all the sites they care about.

Tristan – Please allow me to play devil’s advocate for a a second: why is Mozilla one of the few organizations to do this kind of thing? Why not Facebook or Twitter?

Lloyd – Facebook and Twitter have staggering user populations and have made types of communication and even social movements possible that are inspiring. Both, however, are businesses who’s success criteria is related to the number of users they have and the level of engagement of these users.

So while Facebook and Twitter already have “one click sign-on” solutions available that allow massive convenience, they’re very tightly coupled with the core purpose of these platforms: social interaction. Facebook and Twitter sign-in conflate the act of signing into a website with sharing access to your social network, and often granting the site permission to publish on your behalf. Sometimes this is what a user wants, but far too often it’s absolutely not. People get really upset when advertisements or high scores are broadcast to their friends unexpectedly.

 The most notable thing about Persona is that it isn't tied to the goals of any one website or online service. It's an attempt to standardize open authentication. Previous attempts to do that, such as OpenID, have had very limited success, though.

According to Hilaiel: 

"Mozilla is in a position to fix this because our goals resonate deeply with the privacy, security, and convenience of Persona as a solution to the problem of sign-in on the web. Further, we’re willing to invest heavily in a project that will pay us back not monetarily, but in the form of a meaningful improvement in the Internet as a global public resource."

Mozilla's next step is to get developers to buy into Persona. We shall see.