Mozilla pushes browser-based alternative to passwords
Give us your keys to look after, we're lovely
Mozilla is promoting a browser-based alternative to usernames and passwords for website logins.
Browser ID offers a decentralized system for user identification and authentication along the same lines as OpenID. To use BrowserID users first have to create an account with Mozilla. After this users would be able to use the technology to enter websites that support BrowserID simply by entering their email address.
The technology competes with OpenID, which is already used by prominent sites such as Twitter and Facebook. Mozilla is pushing BrowserID as a more secure and privacy-sensitive method than its competitors.
BrowserID was first released by Mozilla back in July 2011 as a prototype. Mozilla only finished deploying the technology across its own sites earlier this month.
In a blog post, Mozilla's identity-tech chief Ben Adida signalled plans to push for a wider public release this year and opened a consultation programme. Mozilla is keen to nip any potential concerns about user tracking and online privacy in the bud.
Adida's blog post on "new user-centric services" also trails plans for Mozilla to introduce a mobile web-based operating system (codenamed B2G) and an app store later this year. ®
Sounds rather similar to the Passport system Microsoft announced which nobody else trusted or wanted.
A central point of failure isn't a good idea, if that database gets hacked then you're screwed.
I can understand the negative comments, because the article describes BrowserID completely and utterly incorrectly.
The neat point of BrowserID is that it *isn't* centralized and does *not* require a sign up with Mozilla. Mozilla is operating the initial verification service because, well, someone has to. But anyone can run one. The system was designed on the idea that email providers will act as verifiers for the addresses they provide.
BrowserID is a pretty elegant design and somewhat different from OpenID, but this article does a piss-poor job of understanding and explaining it. I recommend referring to:
and the rest of that blog (it's interesting stuff) instead. BrowserID may not succeed, but it's at least an interesting and well-motivated attempt to address a genuine issue. It's not just another silly vendor trying to make a play at the single-sign-in market.
Don't change a winning formula
I kinda stopped paying attention after "you only need to register".
Why would you want your data to be kept online somewhere when you could just as easy have it all tucked away on your local PC ?
And before anyone brings up "ease of use"; why don't they simply implement an option which allows us to import and export saved passwords? That way you can easily copy them from your main computer onto your laptop so that you can still easily visit the websites you frequent without having to worry about passwords.