Mozilla Releases 'Persona' Password Killer

/ Source: SecurityNewsDaily

With the introduction of a beta-version of Persona, Mozilla's new online identification system, the software company wants people to think about Internet security differently and ditch site-specific authentication protocols for verification through the browser instead.  

In theory, once Persona knows who you are, sites like Facebook, Twitter, the New York Times and even your online banking profiles can be accessed using just your email address because Persona stores all your online identities right there in the browser.

Websites have to be Persona-compatible though, and right now, most sites — including Facebook, Twitter and the New York Times — are not. According to Mozilla, however, getting sites to work with Persona is a straightforward task for developers only requires a couple lines of code and can be completed inside of a day.

Once Persona has authenticated a user, the decentralized browser confirms that the email address entered is valid using public key cryptography — no password needed. Persona can handle an unlimited number of email addresses.

The concept benefits websites and developers, too. Persona eliminates the need to create a sign-up and sign-in system and absolves sites of the need and responsibility of safely storing usernames and passwords.

[ How to Create and Remember Super-Secure Passwords ]

Best known for their popular Web browser Firefox, Mozilla began work on Persona in 2011 when it was known as BrowserID. The product name has changed, but the underlying technology is still known as Browser ID (now with a space).

Although Persona streamlines the often-arduous process of creating and signing in and out of various accounts and keeps all details in one place that you have control over, there are still some risks. Were that single password to be stolen, a miscreant could cause Godzilla-like damage to your online world from Facebook to Gmail to iCloud accounts.

Follow Ben on Twitter.