Don Marti

Sat 03 Aug 2013 05:52:27 AM PDT

Point of order: web site login

This started out as a comment over at the Doc Searls Weblog but IMHO it's worth repeating and expanding. Because someone actually made a working solution to a large-scale problem.

Mozilla Persona is full of win.

Especially compared to “social login.”

Mozilla Persona is not just "log in with [big web company]" with a better logo. It's different, and way, way, better. If you're still complaining about the web login problem, you probably just don't understand Mozilla Persona well enough.

Why? RTFAQ.

The BrowserID protocol never leaks tracking information back to the Identity Provider.

So you can use your @example.com email address to log in to whatever sites you like, and example.com never knows which ones.

If your site login method is based on “let’s make users remember complex strings of text, which we know people are really bad at” or “let’s depend on having our users tracked by big companies, which we know people hate” you need to take a short hacking break. Make a simple web application that uses Mozilla Persona, learn how excellent it is, and then never go back.

Bonus link: OAuth of Fealty by Ian Bogost. The short truth is this: Facebook doesn't care if developers can use the platform easily or at all.

And Mozilla would never do anything like that, right? (Seriously. Please don't. Mozilla Persona fanboy here—if you mess it up I'll look like the web authentication version of Zune Tattoo Guy.)