Skip the navigation

Mozilla launches first beta version of 'Persona' website authentication system

By Lucian Constantin
September 27, 2012 03:31 PM ET

Mozilla has also implemented a session protection mechanism in order to limit the security risks that can arise if a user's laptop is stolen while he's still logged into persona.org or if a user forgets to log out of persona.org after using a public computer.

"Users simply need to go change their password from any other computer, and any existing Persona sessions are then locked out and can no longer be used to authenticate the user," Adida said.

"When a user enters their Persona password on a computer they haven't used before, the session is initially just 5 minutes long," he said. "Extending it requires typing in the password again, at which point we prompt the user to tell us whether this computer is theirs or is public."

Persona still has a long way to go until it becomes a practical authentication alternative. First of all, Mozilla needs to convince website developers and important Web services providers to adopt the system and implement it as an option into their websites. In order to facilitate this, a new and easier-to-use Persona API (application programming interface) was launched in August.

"If you are a developer, now is the time to try Persona out. Persona is an open source project and we gladly welcome input and collaboration from the broader community via our mailing list or our IRC channel," the Mozilla Identity team said Thursday in a blog post.

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!