"Hello World," said Persona, Mozilla's new user authentication mechanism, last Thursday. The project started in July 2011 under the code name BrowserID, and Mozilla has been working on its so-called revolutionary sign-in technique for more than a year now. How well have they groomed it?
Persona works well in almost all browsers and on platforms such as Windows, Linux and Mac, as well as on mobile devices running iOS and Android. It is available in more than 25 languages at present, with more in the pipeline. It is easy to deploy and use, and takes only a few hours to integrate with existing logins.
Persona shares OpenID's principle of eliminating separate usernames and passwords for signing in at different websites. You create an account at Mozilla's Persona page and associate a password with the email address you use. The primary key here is your email address. As in any general verification process, you are sent an email with a link, which you click to complete the process.
It differs from OpenID in that it is based on public-key cryptography, and all the cryptographic work involved is done on the client side, without the involvement of the website implementing it or the email service provider. This makes it difficult to track your activity online and gives you maximum privacy. Once logged in, your session remains valid for only 5 minutes unless you explicitly choose the 'remember permanently' option.
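The client-side signing described above, as an added sketch that is not Mozilla's code: a simplified BrowserID-style flow in Node.js in which a provider certifies a browser-generated key, the browser signs a short-lived assertion for one site, and the site verifies both offline. The function names, JSON format, lifetimes, email address and site URLs are assumptions made for illustration.

```javascript
// Added illustration: simplified BrowserID-style flow using Ed25519 and JSON.
// Format, names and lifetimes are assumptions, not Persona's wire format.
const crypto = require('node:crypto');

const sign = (obj, privateKey) => {
  const payload = Buffer.from(JSON.stringify(obj));
  return { payload: payload.toString('base64'),
           sig: crypto.sign(null, payload, privateKey).toString('base64') };
};
const open = (signed, publicKey) => {
  const payload = Buffer.from(signed.payload, 'base64');
  const ok = crypto.verify(null, payload, publicKey, Buffer.from(signed.sig, 'base64'));
  return ok ? JSON.parse(payload.toString()) : null;
};

// Identity provider: certifies that a browser-generated public key belongs to an email.
const idp = crypto.generateKeyPairSync('ed25519');
function issueCertificate(email, userPublicKey, now) {
  const pem = userPublicKey.export({ type: 'spki', format: 'pem' });
  return sign({ email, publicKey: pem, exp: now + 24 * 3600 * 1000 }, idp.privateKey);
}

// Browser: signs a short-lived assertion naming the one site it is meant for.
function makeAssertion(userPrivateKey, audience, now) {
  return sign({ audience, exp: now + 5 * 60 * 1000 }, userPrivateKey);
}

// Relying site: checks the whole chain using only the provider's public key.
function verifyLogin(cert, assertion, expectedAudience, idpPublicKey, now) {
  const c = open(cert, idpPublicKey);
  if (!c || c.exp < now) return { ok: false, reason: 'bad certificate' };
  const a = open(assertion, crypto.createPublicKey(c.publicKey));
  if (!a) return { ok: false, reason: 'bad assertion signature' };
  if (a.exp < now) return { ok: false, reason: 'assertion expired' };
  // Without this check, an assertion captured by one site could be replayed at another.
  if (a.audience !== expectedAudience) return { ok: false, reason: 'wrong audience' };
  return { ok: true, email: c.email };
}

// Constructed sample data (hypothetical email address and site).
const T0 = Date.UTC(2012, 8, 27);
const user = crypto.generateKeyPairSync('ed25519');
const cert = issueCertificate('alice@example.org', user.publicKey, T0);
const assertion = makeAssertion(user.privateKey, 'https://shop.example', T0);
console.log(verifyLogin(cert, assertion, 'https://shop.example', idp.publicKey, T0 + 1000));
```

The site never contacts the provider during verification, which is why the provider cannot see where the user signs in.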
But it has downsides too. It has a single point of failure: crack the Persona ID and you'll have access to every site the person has used Persona login with. There isn't any way to overcome this. However, Ben Adida, project lead of the Mozilla Identity team, has promised that there will be a two-way authentication mechanism, very much like the one in use with Google login, in the days to come. Also, there is currently not much profile information that can be associated with a Persona apart from the name and email address. Hopefully, there will be more in the coming days.
Consider that you have a mobile device or PC. For the sake of argument, assume you trust it and are never going to let anybody else use it. If it gets stolen, there isn't any way to stop others from using your ID. There is no way to revoke Persona access either.
So yes, apart from the client-side authentication, Persona still has a long way to go. It doesn't seem mature enough yet to overcome its drawbacks. Promising, though.