Life after passwords: Mozilla releases Persona online ID system

Mozilla released an ID system this week called 'Persona,' which promises to be easier and more secure than traditional username/password combinations. However, Mozilla admits the system, still in beta, has a few downsides.

Mozilla's "Persona" online ID system uses a single email to sign users in to sites, rather than relying on different usernames and passwords. Here, Persona prompts a user to sign in to the Times Crossword site.

crossword.thetimes.co.uk

September 28, 2012

Let's face it: passwords are a pain. The best passwords are non-dictionary words (the word "password," for example, isn't as strong as something like "#PAs$W0rd!"), which makes them difficult to remember. And for maximum security online, experts recommend that you don't use the same password across different sites – which only adds to the complexity.

Mozilla, the software foundation behind the Firefox browser, has a plan to make online security easier. This week the company released a beta version of Persona, a system that lets users securely sign into different sites without having to worry about passwords.

How does it work? Rather than relying on each individual website to authenticate users, Persona makes your Web browser of choice (Safari, Firefox, or others) do the work. Traditionally you'd use a combination of a username and password to sign into, say, a banking site – Persona instead uses your e-mail address.

It works like this: pick an e-mail address and a password to use across Persona. Mozilla will e-mail you at that address to verify that it's really yours. Then, any time you encounter a site that supports Persona (the Times Crossword is one early adopter), you can sign in using that single e-mail and password combination.  

The system automatically verifies that you're the real account owner based on the initial e-mail verification. The sites themselves never see your Persona password. Persona does, of course, see your password. The Times Crossword (for example) does not. This feature may reduce your risk of having your password hacked, since it limits individual sites' exposure to your sensitive information.

Mozilla says Persona is identity management that "just works," and it's clearly excited about the service's potential (for what it's worth, most of Mozilla's sites already implement Persona). It's worth pointing out, too, that the service works with all the major desktop browsers – including Opera – as well as with mobile browsers for iOS and Android. You can even create a few different identities with different e-mail addresses, if you want to keep your work and home life separate.

That said, Persona does have at least one downside: since it's still more or less in its infancy, the service doesn't have widespread support from website owners or from individual users. Mozilla admits that the service will be more useful and more secure once it's supported by websites, browsers, and e-mail providers, but that the system "can't get a critical mass of users without support from the above groups." In the meantime, the company has implemented some clever workarounds that allow the service to work smoothly even though it's not totally supported across the board.

For more on how technology intersects daily life, follow us on Twitter @venturenaut.