Persona utilizes a safe, two-click system built on top of public-key cryptography for logging in to websites. The user's browser generates a cryptographic affirmation of identity that expires after a few minutes and is only valid on one site. By avoiding passwords, users do not need to worry about remembering several distinct passwords and need no longer be concerned with unsecure access to their password. This quick and easy sign-in process eliminates the current inefficiencies of traditional account registration and allows users to quickly establish accounts on websites.
Benefits for the user
- Users already know their email addresses. They don't have to learn a new and potentially confusing system, like OpenID.
- The email addresses carefully capture the idea of
someone@some-context. This makes it easier for users to keep their identities
@schoolseparate. This differs from the trend of linking together many accounts through real identity, single-account policies on social networks like Google+ and Facebook.
- Email can be self-organized or delegated to other providers, giving users control of their identity. This ability is greatly diminished when one must consolidate many accounts into one identity.
Advantages for developers
- Email addresses let developers communicate directly with users.
Persona provides email addresses to websites automatically when a user logs in, eliminating the need for additional post-signup forms.
Many login systems treat email addresses as unique keys, so there is no lock-in to Persona and it can be integrated with existing access systems. Any user who has an email address can access content almost immediately.
Persona protects privacy, provides the user with control, and embellishes choice in a way that other security providers can't. Many social networks like Facebook and Google+ require users to use their real names, accept their policies, and limit users to only one account. Persona allows users to keep their work, school, and social identities separate by using email addresses as a unique identifier rather than real names. Because of this anonymity you are guaranteed an extra layer of identity and network protection that most social networks do not have.
Persona also takes a new approach to protecting user privacy by placing the user's browser in the center of the authentication process. The browser obtains credentials provided by the user's email, then presents these credentials to a website. The email provider cannot track the user, but sites can still have confidence in the identity of the user by cryptographically verifying the credentials. Most other systems, even distributed systems like OpenID, require sites to connect to central networks before allowing a user to log in.
The efficiency of Persona allows an advanced relationship between developers and users. Mozilla is leading the way in open and free web development, and Persona supports Mozilla's design philosophy through its easy-to-use interface and user protection features.