Mozilla Aims To Make Passwords Obsolete - HotHardware
Mozilla Aims To Make Passwords Obsolete

Mozilla Aims To Make Passwords Obsolete

Mozilla is working on a project that could eliminate the need for passwords and the sign-up/verification processes on websites. Mozilla's BrowserID is an experimental way of logging in to websites. BrowserID uses the verified email protocol and aims to offer a streamlined user experience. After a user proves ownership of an email address, they will be able to use that address with BrowserID to sign in to websites quickly and easily—no passwords or further verification of your email address are necessary.

Introducing BrowserID: A better way to sign in

Jul 14, 2011 — by millsd

Today we’re excited to announce BrowserID: an experimental new way of signing into websites. Our goal with BrowserID was to design something safe and easy for users and the developers. We’d love for you to try it out and let us know what you think.

Why BrowserID?

For a Web developer, creating a new application always involves an annoying hurdle: how do users sign in? An email address with a confirmation step is the classic method, but it demands a user’s time and requires the user to take an extra step and remember another password. Outsourcing login and identity management to large providers like Facebook, Twitter, or Google is an option, but these products also come with lock-in, reliability issues, and data privacy concerns.

With BrowserID, there is a better way to sign in. BrowserID implements the /verified email protocol/, which offers a streamlined user experience. A user can prove their ownership of an email address with fewer confirmation messages and without site-specific passwords.

BrowserID is:

  • Easy to use

Users gain a streamlined one-click experience that feels the same on any site they visit. Developers save time by deploying BrowserID, eliminating the need to implement email verification. Check out the links at the end of the post for more information.

  • Secure

BrowserID implements the Verified Email Protocol, which is designed with security in mind. Sites get proof of ownership using public key cryptography—but don’t worry, we have a verification service so you can get started without writing a single line of crypto code.

  • Cross-browser

BrowserID will work on all modern browsers, including recent versions of IE, and on mobile browsers!

  • Decentralized

Anyone with an email address can sign in with BrowserID, and email providers can implement BrowserID support to make the system even easier for their users.

  • Even better on future browsers

Although the prototype is implemented entirely in HTML and JavaScript, the system is designed to seamlessly integrate into future browsers. Check out our mockups for an idea of the kind of experience that is possible.

  • Respects user privacy

Unlike other sign-in systems, BrowserID does not leak information back to any server (not even to the BrowserID servers) about which sites a user visits.

BrowserID is highly experimental and we’re still iterating, today we’re happy to announce the launch of a prototype for community review. We’d love for you to try it out and let us know what you think. To get started check out the quick tutorial and demo site.

We look forward to hearing your feedback! Check out browserid.org. File bugs on github. Join our mailing list, or simply tweet and include the #browserid tag.

0
+ -

Hey. Anything to help me login without remembering passwords right?

I do hope that allow us some hands on action with this thing, passwords have become soo commonplace that I don't know if anything can displace those. Anything...

+2
+ -

How long will it take to hack, or spoof?

+1
+ -

"Unlike other sign-in systems, BrowserID does not leak information back to any server (not even to the BrowserID servers) about which sites a user visits.". I'm liking this part!!

But as Neil said, I'd be worried about it getting hacked or spoofed for sure! I'll definitely be following the progress on this and will try it out when it's fully released!

+2
+ -

Manduh:
I'll definitely be following the progress on this and will try it out when it's fully released!

Yeah,....I'll try it out too. Once I hear about it being hacked, I'll quit using it.

0
+ -

Yeah, as much as I love how convenient technology is making my life I don't know how safe I feel essentially putting all of my login info in the hands of one function. If someone somehow gets access to your email (which will happen, I'm sure) they can get access to all of your websites, as well. Identity theft made easy.

0
+ -

this seems somewhat to similar signed public key rings to verify authenticity  ?? mmm

.. if so it should be solid & convenient &  going to check it out a bit

0
+ -

"Yeah, Neil, I mean my browser already stores all my email and websites passwords , why no give this a try, Firefox is my fave. Hopefully the lulzsec and Anonymous boys dont target this"

-Optimus

update: Unlike other sign-in systems, BrowserID does not leak information back to any server (not even to the BrowserID servers) about which sites a user visits.

"I overlooked that"

+1
+ -

I agree realneil how long before it is hacked in some way. I really like the idea behind this of having a single sign on for most places. I would not be surprised when financial institutions start handing out key fobs that generate a token every few seconds and prompting for that number each time you login.

0
+ -

Like manduh says, it doesn't leak any information back to the servers so I'm guessing that we'll be safe for the long-run.

Unless... They decide to hack the server, decipher the ID's and then spoof the ID's so that it makes them seem like us.

0
+ -

So now... I just have to remember one password for BrowserID, for that one web site that's actually going to use it - since you know Microsoft, Yahoo, Google, Amazon, EBay, etc. are going to prefer the systems they've already created. Great!

Oh... wait...

0
+ -

lol, neat feature to have. i have all my passwords set to a "G" key on my keyboard... lol

0
+ -

hila

+1
+ -

how's this different from OpenID??

Login or Register to Comment
Post a Comment
Username:   Password: