
Mourning Mozilla Persona

Back in 2011, Mozilla announced BrowserID, the service that was later to become Persona. Giddy with excitement, I really cared about only one bullet point in the original announcement:

Although the prototype is implemented entirely in HTML and JavaScript, the system is designed to seamlessly integrate into future browsers.

Yes. Yes! A thousand times hell yes!

I have a bizarre relationship with authentication systems, both passionately hating and obsessing over them. I wrote OmniAuth out of sheer rage. Authentication is so basic to nearly every application, yet countless developer hours have been wasted re-implementing the same thing over and over and over.

The Unkept Promise

With bated breath, I followed BrowserID waiting for the day when Mozilla would integrate it into Firefox proper. Sure, the JavaScript popup login widget was a perfectly acceptable polyfill, but surely they knew that the only reason anyone would care is if it became browser-native.

Right?

The months and years ticked by and the dream never came to pass. Persona became just one more social sign-in amongst dozens. When Mozilla announced that they were stopping development, the coverage didn't even mention the original plans for native browser integration.

User Agent Auth: Best Idea EVER

User-agent-native authentication is an awesome idea. An amazing one. The best possible idea. Here's why:

  1. End of Password Hell. You sign in once, to your browser. Presumably this has a very strong authentication method involving SMS verifications and pinky-swears. Once you sign in to the browser, it's simply a matter of clicking "approve" when a website wants access to your personal information.
  2. Great for Mobile. Typing in a strong password on a mobile device is probably one of the more recent additions to the circles of hell. Mobile browsers and even applications could use user-agent-based authentication to skip all that nonsense. You know when you access a Google site on Android and it just pops up a notification like "Sign into this site with yourname@gmail.com"? Yeah that, but for every site and every app.
  3. A Proper Abstraction. Most applications don't really care how you sign in, just that you sign in. I would never have had to write OmniAuth if browser-native auth existed.

So yeah, the best idea ever and it's dying/dead. Pour one out for Persona, we hardly knew ye.

I'm not giving up on the idea though. It makes too much sense to abandon forever. Someone, somewhere will pick the torch back up and carry it across the finish line. I'm just disappointed because we were this close. Thank you, Mozilla, for trying.
