Mozilla is finally and officially closing its Persona Web authentication system after coming to the conclusion that the technology was not being adopted.
Using and storing passwords securely has always been a challenge on the Internet. The promise of Persona was to make Web authentication easier than users needing to remember a separate login for every Website. With Persona, a verified user email that is securely stored by the browser is all that is needed to get access to a site.
The challenge is that both Websites and users needed to support and use the mechanism, which never really happened. Mozilla first started building the Persona technology under the name BrowserID in 2011. At the time, BrowserID was seen by Mozilla as a potential rival to the OAuth standard, which is now widely used by Websites to enable single-sign-on access.
Although Mozilla wasn’t directly developing the Persona technology, since the technology is all open-source, the hope was that a community would develop around Persona to push it forward, but that never happened.
“Due to low, declining usage, we are reallocating the project’s dedicated, ongoing resources and will shut down the Persona.org services that we run,” Mozilla announced on a wiki page about the Persona shutdown.
Mozilla isn’t immediately pulling the plug; it’s giving those that do rely on its Persona infrastructure until Nov. 30, 2016, before all services are finally shut down. The actual open-source code for Persona will remain open source and available on Github.
While Mozilla is walking away from Persona, it has been working on and is now using another technology called Firefox Accounts that integrates with the Firefox Web browser that enables users to synchronize activities across mobile and desktop versions of Firefox.
“Persona is designed to be a dead-simple email verification tool, while Firefox Accounts is a full-fledged, persistent account system,” the Mozilla identity Website explained. “By developing them separately, we’re able to keep each project lean and focused on its own use cases.”
Scott Petry, CEO and co-founder of security vendor Authentic8, isn’t surprised that Mozilla is shutting down Persona.
“There are a variety of federated authentication solutions available, and many are not reaching critical mass,” Petry told eWEEK. “Persona wasn’t able to cross an adoption tipping point to make it stick.”
The Security Assertion Markup Language (SAML) standard is one such authentication technology that is gaining acceptance for federated identity. However, Petry noted that adoption is partially driven by SAML’s integration with enterprise identity solutions.
“Persona wasn’t trying to establish itself as a robust federated authentication system as much as it was trying to provide a more anonymous method for individuals to be able to log in to Websites with some degree of privacy,” Petry said. “That’s a more nuanced message to the market and a much harder target market to get to adopt en masse.”
Originally published on eWeek.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…