Why Persona for Mozilla?

On November 30th, 2016, Mozilla shut down the persona.org services. Persona.org and related domains will soon be taken offline.

For more information, see this guide to migrating your site away from Persona:

https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers

Persona is an openly distributed, cross-browser identity system that offers an alternative to the traditional password model. It addresses the usability deficiencies that plague other privacy-related systems such as OpenID, without resorting to a centralized infrastructure such as Facebook Connect.
 
The current approach to establishing and managing user names and passwords is tedious, inefficient, and insecure. Users must create and remember complex passwords for each site and service. Sites must then securely encrypt and store passwords to prevent the leaking of sensitive information. Preventing and containing such leaks is the primary reason to use Persona, and its flexibility also outclasses most standard identity security systems.
 
Note: For more detailed information about Persona and its functions, see "What is Persona and how does it work?"

Persona eliminates the need for per-site passwords

Persona uses a safe, two-click system built on top of public-key cryptography for logging in to websites. The user's browser generates a cryptographic affirmation of identity that expires after a few minutes and is only valid on one site. By avoiding passwords, users no longer need to remember several distinct passwords or worry about insecure access to their passwords. This quick and easy sign-in process eliminates the current inefficiencies of traditional account registration and allows users to quickly establish accounts on websites.

Persona uses email addresses as identities

Persona relies on email addresses as its key component because email is inherently versatile and private. The existing email infrastructure works very well not only from a design perspective but also as an ideal: an openly maintained, safe way to transfer identity across the Internet.

 

Benefits for the user

  • Users already know their email addresses. They don't have to learn a new and potentially confusing system, like OpenID.
  • Email addresses neatly capture the idea of someone@some-context. This makes it easier for users to keep their identities @work, @home, or @school separate. This differs from the trend of linking together many accounts through the real-identity, single-account policies of social networks like Google+ and Facebook.
  • Email can be self-organized or delegated to other providers, giving users control of their identity. This ability is greatly diminished when one must consolidate many accounts into one identity. 

Advantages for developers

  • Email addresses let developers communicate directly with users.
  • Persona provides email addresses to websites automatically when a user logs in, eliminating the need for additional post-signup forms.
  • Many login systems treat email addresses as unique keys, so there is no lock-in to Persona and it can be integrated with existing access systems. Any user who has an email address can access content almost immediately.

How Persona is different from other providers of single sign-on

Persona protects privacy, gives the user control, and expands choice in a way that other security providers can't. Many social networks like Facebook and Google+ require users to use their real names, accept their policies, and limit users to only one account. Persona allows users to keep their work, school, and social identities separate by using email addresses as a unique identifier rather than real names. Because of this anonymity, you are guaranteed an extra layer of identity and network protection that most social networks do not have.

Persona also takes a new approach to protecting user privacy by placing the user's browser in the center of the authentication process. The browser obtains credentials from the user's email provider, then presents these credentials to a website. The email provider cannot track the user, but sites can still have confidence in the identity of the user by cryptographically verifying the credentials. Most other systems, even distributed systems like OpenID, require sites to connect to central networks before allowing a user to log in.
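The two properties described above (an affirmation that expires after a few minutes and is valid on only one site, verified cryptographically by the site) can be illustrated with the following added sketch, which is not Persona's own code or wire format. The field names, the Ed25519 key type, the origins and the email address are assumptions made for the example, and the site is assumed to already trust the public key, which in Persona is vouched for by the email provider.

```javascript
// Added sketch, not Persona's code or wire format; all names are hypothetical.
const nodeCrypto = require("node:crypto");
const b64 = (buf) => buf.toString("base64url");

// Browser side: sign a claim bound to one site, valid for a couple of minutes.
function makeAssertion(privateKey, email, audience, nowMs, ttlMs = 2 * 60 * 1000) {
  const payload = Buffer.from(JSON.stringify({ email, audience, expires: nowMs + ttlMs }));
  return b64(payload) + "." + b64(nodeCrypto.sign(null, payload, privateKey)); // Ed25519
}

// Site side: check the signature before trusting any field, then audience and expiry.
function verifyAssertion(assertion, publicKey, expectedAudience, nowMs) {
  const parts = String(assertion).split(".");
  if (parts.length !== 2) return { ok: false, reason: "malformed" };
  const payload = Buffer.from(parts[0], "base64url");
  const signature = Buffer.from(parts[1], "base64url");
  if (!nodeCrypto.verify(null, payload, publicKey, signature)) {
    return { ok: false, reason: "bad signature" };
  }
  let claims;
  try {
    claims = JSON.parse(payload.toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (claims.audience !== expectedAudience) return { ok: false, reason: "wrong audience" };
  if (typeof claims.expires !== "number" || nowMs >= claims.expires) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, email: claims.email };
}

// Constructed sample values.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
const T0 = 1700000000000; // fixed clock so the demo is deterministic
const SITE = "https://shop.example";
const assertion = makeAssertion(privateKey, "alice@example.org", SITE, T0);

console.log(verifyAssertion(assertion, publicKey, SITE, T0 + 1000));
console.log(verifyAssertion(assertion, publicKey, "https://other.example", T0 + 1000));
console.log(verifyAssertion(assertion, publicKey, SITE, T0 + 5 * 60 * 1000));
```

An assertion captured on one site is rejected by another because the audience is covered by the signature, and the short lifetime limits how long a captured assertion stays usable on the site it was issued for.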

The efficiency of Persona allows an advanced relationship between developers and users. Mozilla is leading the way in open and free web development, and Persona supports Mozilla's design philosophy through its easy-to-use interface and user protection features.

Last updated by: Sheppy