Modernizing Authentication — What It Takes to Transform Secure Access
Mozilla recently announced the first beta release of its Persona authentication system, which is designed to eliminate the need for site-specific passwords.
"Persona is ready to use for authentication: it works in all major smartphone, tablet, and desktop browsers, the user experience has been thoroughly reviewed and polished, we’re committed to the core APIs, and its infrastructure is highly available and stable," Mozilla senior software engineer Dan Callahan wrote in a blog post.
"Persona, when integrated into a website, eliminates the need for users to re-enter passwords; a one-time email address is the only authenticator required after an identity is registered," writes Threatpost's Michael Mimoso. "According to the Mozilla developer site, instead of requiring a password, the user’s browser will generate cryptographic identity assertion that lasts only a few minutes and works only for one site. This eliminates the need for sites to have to store passwords or losing them to an attacker."
"What may be most attractive to Web sites is that Persona can coexist alongside existing login methods," writes WebProNews' Zach Walton. "It’s similar to how Web sites can offer traditional email and password logins alongside Facebook and Twitter logins. Mozilla’s Persona aims to be a more secure version of those specialized logins."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"The success of Persona depends heavily on two unknowns: Web site adoption, which requires developers to add yet another login system to their site, and the subsequent adoption by individual netizens," writes CNET's Seth Rosenblatt. "Mozilla's dedication to openness and privacy certainly set Persona on a competitive track. But some big unknowns remain -- namely, what it will take for Mozilla to make it a success, and then whether the organization can pony up the necessary promotion and development."