Jump to content.

Mozilla Persona – A new way to log in with an email address

Mozilla, the non-profit organization behind FireFox, has recently came up with a new method for registering and logging in to web sites called “persona”. https://developer.mozilla.org/en-US/docs/Persona

The problem?

Lets face it, registering in to websites is one of the biggest annoyances. Registration screens these days require you to fill in your email address, your password and many ask for other information. Yet again, you have to fill out another form, yet again, you have to make up a new password and make sure it conforms to the site’s rules.

What’s it about?

With Mozilla Persona, you only fill in your email and that’s all. Once you fill in the email address, you check it and click on the confirmation link. Persona logs you in automatically as soon as you click on this link. There is no need to fill in a password during the process.

Mozilla Persona is not only just for convenience. The ‘killer feature’ is it that eliminates the need for passwords altogether. Why is this important? Well, can you trust a random site with your password? Will the password be stored securely or will the password be exposed as soon as the site gets hacked? With the recent high-profile hacks, this problem is escalating in priority, yet using a new password for each website is too cumbersome.

Persona works perfectly with a temporary email service provider! It will work with Guerrilla Mail too. Because Guerrilla Mail doesn’t need a password, this will eliminate the need for passwords once and for all, if persona catches on.

It’s great, but it’s not perfect

Like with any login system, there are some concerns that we have too.

The major concern is that Persona will reveal your email address to the website that you are logging in to. This can be just as bad as giving a password to a website, since the website can use your email address to launch a phishing attack or send you spam.

For example, the website can ask you to log in to your website using a Persona, and then it will learn of your email address which you used to log in. A bad website could send you a fake email telling you that your login failed, and present you with a fake login screen that looks like a login screen to your email. Once a hacker breaks in to your email account, they will probably have access to all websites that you have logged in to with persona in the past, because they may see the records from your email archive. Using 2-factor authentication for your email can help mitigate this problem.

Another problem is that your email address becomes the identity. So what happens if your email address changes or you no longer have access to your email address? What if your email service provider goes out of business or your jobs change?

More weaknesses with persona are described here: http://www.opine.me/mozilla-persona-browserid-is-a-step-in-the-wrong-direction/

Our verdict
GuerrillaMail believes that an email address are not the best way to provide identity, due to some of the weaknesses of Mozilla Persona mentioned above. Although we do think that Persona has a very strong point – that is logging in to websites without a password which make it very attractive to the average user.

Guerrilla Mail is enabled for Persona Right now! You can try it out by logging in to http://theopenphotoproject.org/

Enjoy!