Identity at Mozilla

Home of the Mozilla Identity team

  1. New Persona Beta: Millions of Users Ready to Log In using Any Browser

    Apr 9, 2013 — by benadida

    Persona, Mozilla’s easy and safe way to log into your favorite websites, using any modern browser, is now in Beta 2. The goal of Persona is simple: we want to eliminate passwords on the Web. This release, packed with performance improvements and new features, brings us another big step closer to that goal. In particular, we’ve made it easy for users with existing Web accounts to log in without creating a new account or password. This brings secure login within two clicks for hundreds of millions of users worldwide, regardless of whether they’re on a desktop, tablet, or mobile phone.

    We’ve recently seen a few notable sites implement Persona, including: Born This Way Foundation, Firebase and the Orion Project. These deployments highlight Persona’s simple implementation, ease of use, user-safety, and the fact that, because Persona is built by a non-profit, users – and only users – own and control their identity. Let’s show you Persona Beta 2 in action:

     

    Identity Bridging

    The most important feature of Persona Beta 2 is Identity Bridging, where users can log into Persona-supporting web sites with their existing accounts. We’re starting with yahoo.com. Try it now on our sample site 123done.org: click “Sign in”, enter your yahoo.com email address, and go!

    Websites that use Persona benefit from this improvement immediately: hundreds of millions of Web users are now ready to log in with just a few clicks. Users have complete choice and a simple flow: click one login button and select your preferred email address. Identity Bridging kicks in dynamically based on the user’s chosen email address.

    The technical details behind Identity Bridging are detailed on the Mozilla Hacks blog. You can also read a detailed Q&A with Lead Engineer Lloyd Hilaiel.

    More Improvements

    Twice as Fast. We know performance is important to every site, so we made our button and popup load twice as fast. We’re working on more improvements as we go.

    Use your Existing Accounts. We’ve bridged yahoo.com, but of course we built an open system: any domain can now become a Persona Identity Provider so users can reuse their existing accounts on any site that uses Persona.

    Built Into Firefox OS. We built in support for Firefox OS and made Persona much faster on all mobile devices. This gives Firefox OS apps an even better experience when using Persona.

    Adoption

    Our adopters make us blush with the nice things they have to say about Persona.

    Tara Tiger Brown of Born This Way Foundation commented: “Our mission at Born This Way Foundation is to promote a kinder, braver world where youth feel empowered to be themselves in a safe and supportive environment. In order to support our mission, we must keep our Born Brave Nation members’ identities and information safe. Mozilla Persona is a single sign-on online identity system that respects user privacy, very user friendly and simple to setup and maintain.”

    Anant Narayanan of Firebase, makers of a scalable real-time backend that lets developers build apps fast without the hassle of managing servers, said “We added support for Persona as one of the authentication mechanisms for our Simple Login service, and we are very pleased with the result! The distributed nature of Persona and its elegant API makes it the ideal candidate for the types of apps we want people to build with Firebase.”

    Ting, Tucows’s mobile phone service that makes sense, implemented Persona and said “The fact that user privacy is one of the foundations on which Persona is built means it’s the first single sign-in solution that we feel is worthy of recommendation and of implementation.”

    Barry Warsaw, who runs the omnipresent GNU Mailman mailing list manager, added “GNU Mailman 3 chose Persona as our primary authentication mechanism because its email-based login system is a perfect fit for our mailing list software. All we need to identify a person is confirmation that they own their subscription address, and integrating Persona made that verification easy. Ideally, we’d like to do away with passwords altogether, and with Persona, this is now possible.”

    Simon Kaegi of the Orion Project added “Persona is the simplest means of high quality authentication I’m aware of. In our UX review, Persona was clearly superior to OpenID.”

    Discourse, the company rebooting online discussion forums, added Persona support to its codebase and enabled it on its own discussion site, adding “It has a very slick user experience, so we hope people try it out.”

    Julius Schorzman of DailyCred, the instant CRM package for any web site, implemented Persona and remarked “We’ve seen from our internal metrics that more than 70% of users still prefer email and password authentication over social log-in like Facebook. Implementing Persona is actually easier than Facebook Connect, or any OAuth implementation we’ve seen.”

    Acros Security, the third-party reviewers we brought in to audit Persona, told us “We’re quite impressed with the level of security [of Persona] and, although paranoid by design, we will be able to trust it with our own online identities.”

    Your Turn

    We’re building Persona in the same way we do everything at Mozilla: in the open, with your help and contributions. Now it’s your turn. Deploy Persona on your web site. Turn your domain into a Persona Identity Provider. Tell us what you need to make Persona even better. Want to fix it yourself? Send us a patch.

    Together, in the open, we will continue to build a login system that is better: Better for users, better for web sites, and better for the Web.

    UPDATE: We mistakenly attributed a quotation to the Eclipse Foundation’s Ian Skerrett. It should have been attributed to the Orion Project’s Simon Kaegi. The text above shows the correction.