Mozilla pushes simplified Browser ID login system

Mozilla pushes simplified Browser ID login system

Summary: The open-source experiment makes it possible for users to prove ownership of email addresses in a secure manner, without requiring per-site passwords.

SHARE:
TOPICS: Browser
3

Mozilla's identity team has launched a new decentralized identity system aimed at replacing ad-hoc application-level authentication based on site-specific user-names and passwords.

The open-source experiment, called Browser ID, makes it possible for users to prove ownership of email addresses in a secure manner, without requiring per-site passwords.

A technical explanation is available:

BrowserID uses asymmetric cryptography and digital signatures to allow browsers to create signed assertions about the user's identity, and by identity providers to vouch (via signing of a key-email pair) for a user's identity in a disconnected fashion. BrowserID uses cross document messaging to communicate between documents served from different domains, which makes a usable implementation of BrowserID possible right now without modifications to existing browsers.

This video offers more details:

Topic: Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Questions

    1) Any chance that Chrome and IE will pick it up? Without support by major browsers, it's DOA.

    2) How well has the security been tested? Have the security professionals vetted it yet? Can it be easily fixed if things are broken? The last thing we need is a security fiasco with this.

    3) Are websites embracing it? This is vital. Many, many similar solutions have failed because nobody running a website used them.

    It's interesting, but I'm afraid my hopes aren't really that high. Single sign-on has been very popular as a theory, but in practice very few websites have been willing to give up their user name & password systems. This isn't the first time it's been tried - and it probably won't be the last, I'm afraid.
    CobraA1
  • RE: Mozilla pushes simplified Browser ID login system

    How private is this? I mean, if I use one e-mail address for my mainstream shopping sites, and another e-mail address for, say, adult websites, is it possible for the two e-mail addresses to be connected by this? That would be undesirable.
    PatHMV
    • RE: Mozilla pushes simplified Browser ID login system

      @PatHMV They shouldn't be able to see each other, just the email address.
      CobraA1