
My major concern with this, besides the eggs-in-one-basket issue, is that this places even more value on my email account.

Years ago, my email account was simply used for exchanging short pieces of text with acquaintances and companies. Now it's the central key to all my authentication sessions and finances, and therefore presents a huge target for attackers.

I've been looking for ways to reduce the risk associated with losing access to my email account, should that ever happen. Yet for all its benefits, Persona still places yet more importance on protecting my single email password.



You could say the same about any traditional username/password signup that sends a confirmation email and allows you to reply to an email to reset your password. Ultimately, that's just relying on the security of your email, too. So while you are correct that Persona doesn't solve that problem, it doesn't make that problem any worse compared to the default option of an email-confirmed username and password.


I think that's what the parent post was getting at. Originally email was just used for exchanging messages, now that most sites use it to authenticate a user there is a much higher cost to losing access/having it hacked.


Considering that it's a new protocol, why not try to solve that old problem? At the very least, they could allow you to disable email-based password reset in favor of printed code. That would be a smart thing to do.

You would get a random code or several codes you print out and put into a safe place. If you ever forgot your password, you would dig it out and supply it to the website to trigger a reset (which could include or not include email-based verification). The codes would only be usable for password resets.

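The printed one-time reset codes proposed above, as an added example that is not part of the thread or of Persona's own code: codes are generated with a CSPRNG, only their hashes are stored, each code can be redeemed exactly once, and redemption authorises nothing but a password reset. The store layout, code length and formatting are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Added example (not from the thread): printed one-time password-reset codes.
# Layout, entropy and formatting below are illustrative assumptions.
CODE_BYTES = 10        # 80 bits of entropy per code
CODES_PER_USER = 8


def _hash_code(code: str) -> bytes:
    # Codes are high-entropy random strings, so a plain SHA-256 suffices
    # (a slow KDF is only needed for low-entropy, user-chosen passwords).
    # Strip the display hyphens and ignore case before hashing.
    return hashlib.sha256(code.replace("-", "").lower().encode()).digest()


def issue_codes(store: dict, user: str) -> list[str]:
    """Generate fresh codes for `user`, replacing any earlier set.
    Returns the plaintext codes once, for printing; only hashes are kept."""
    codes = []
    for _ in range(CODES_PER_USER):
        raw = secrets.token_hex(CODE_BYTES)          # 20 hex characters
        codes.append("-".join(raw[i:i + 5] for i in range(0, len(raw), 5)))
    store[user] = {"unused": {_hash_code(c) for c in codes}}
    return codes


def redeem_code(store: dict, user: str, code: str) -> bool:
    """Consume a code. Returns True exactly once per code and False for an
    unknown user, an unknown code, or a code that was already used.
    A True result only authorises starting a password reset, never a login."""
    entry = store.get(user)
    if entry is None:
        return False
    digest = _hash_code(code)
    # Constant-time comparison against every stored hash, so timing does
    # not reveal how close a guess came.
    for stored in entry["unused"]:
        if hmac.compare_digest(stored, digest):
            entry["unused"].discard(stored)      # single use
            return True
    return False
```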

Google's 2 factor auth does this already.


Yes, most authenticated web services offer a "forgot password" option, and their security is thus tied to your email account. However, each one of these decentralized services on its own is not as valuable as the entire ecosystem of Persona-enabled sites will be.

That is, the Persona "forgot password" is a single point of failure which, if compromised, can provide access to a whole ecosystem of sites. And it will be tied to your email account.


I'm still not seeing a distinction. Your email account is already a single point of failure for every account registered with that email that has a "forgot password" feature.

Maybe it would help if we considered two hypothetical scenarios. A: Your email is compromised, and you're registered on 15 websites with that email, each of which has a "forgot password" option. B: Your email is compromised, and you've used Persona to sign into 15 websites. In what concrete, practical way is B a more damaging situation than A?


Great point! And the recovery process is much easier in the Persona case... because you only have to fight to get back your Persona account. Today you'll have to

1) Fight to get your email account back

2) Visit each and every site and manually recover your account


I think the ship has mostly sailed on email -- most sites use email password recovery, so that choice isn't up to you unless you get a different email address for each site.

You should definitely use 2-factor authentication for your email!


> I think the ship has mostly sailed on email

You're right. Gmail does an excellent job with ensuring account integrity. I've lost and subsequently recovered access to Gmail accounts, and I must say they do it right. And like you said, I especially appreciate their two-factor auth.

I hope lay people are coming to realize the security importance of their email accounts.


Persona, the protocol, doesn't actually rely on your email account's password. It uses the domain from your email account to figure out how to authenticate you; if you want to use some other way than via your email, that's fine.


That's correct. However, the security of any Persona-enabled site is tied to your email account's security through Persona "forgot password".

This is my concern; a compromised email account means a compromise of your account on every Persona-enabled site.


> … through Persona "forgot password".

That’s just how their fallback provider works. BrowserID — the protocol — does not rely on email in any way. There’s no guarantee that if you have a valid assertion for joe@dns.tld there’s also an email account by that name.


The password that I create when I set up Persona is for what exactly? It doesn't seem to be used at all after the creation of a persona.


If you log out, that's the password you'll use to log in again. The login session is good for a while so you can continue to login with already-authenticated identities (and you can have as many as you want) on persona-enabled sites.


Thanks for clarifying. I was assuming that was the case but the login/creation page needs to have a graphic or a narrative talking about what it does and how the process works a bit more before it reaches a more public audience. As a software developer I had an idea of how the thing worked but it wasn't spelled out enough. I understand that it's beta but the whole thing is weakly documented from a user's standpoint as to why it should be trusted.


People simply need to be very very careful about protecting their email account. Use two factor authentication, use a PIN on your smartphone, don't type your email address password on random internet cafe computers, etc.


No. Websites should stop outsourcing their security to third parties they know nothing about (such as email providers). It's not just a matter of immediate security, but overall architecture quality as well. Having your entire digital life depend on an account that, for most people, is hosted by a third party, for free and without any guarantees is dumb. Email simply wasn't meant for that kind of use.

