Mozilla Aims To Make Passwords Obsolete

Mozilla is working on a project that could eliminate the need for passwords and the sign-up/verification processes on websites. Mozilla's BrowserID is an experimental way of logging in to websites. BrowserID uses the verified email protocol and aims to offer a streamlined user experience. After a user proves ownership of an email address, they will be able to use that address with BrowserID to sign in to websites quickly and easily—no passwords or further verification of your email address are necessary.

Introducing BrowserID: A better way to sign in

Jul 14, 2011 — by millsd

Today we’re excited to announce BrowserID: an experimental new way of signing into websites. Our goal with BrowserID was to design something safe and easy for users and the developers. We’d love for you to try it out and let us know what you think.

Why BrowserID?

For a Web developer, creating a new application always involves an annoying hurdle: how do users sign in? An email address with a confirmation step is the classic method, but it demands a user’s time and requires the user to take an extra step and remember another password. Outsourcing login and identity management to large providers like Facebook, Twitter, or Google is an option, but these products also come with lock-in, reliability issues, and data privacy concerns.

With BrowserID, there is a better way to sign in. BrowserID implements the /verified email protocol/, which offers a streamlined user experience. A user can prove their ownership of an email address with fewer confirmation messages and without site-specific passwords.

BrowserID is:

• Easy to use

Users gain a streamlined one-click experience that feels the same on any site they visit. Developers save time by deploying BrowserID, eliminating the need to implement email verification. Check out the links at the end of the post for more information.

• Secure

BrowserID implements the Verified Email Protocol, which is designed with security in mind. Sites get proof of ownership using public key cryptography—but don’t worry, we have a verification service so you can get started without writing a single line of crypto code.

• Cross-browser

BrowserID will work on all modern browsers, including recent versions of IE, and on mobile browsers!

• Decentralized

Anyone with an email address can sign in with BrowserID, and email providers can implement BrowserID support to make the system even easier for their users.

• Even better on future browsers

Although the prototype is implemented entirely in HTML and JavaScript, the system is designed to seamlessly integrate into future browsers. Check out our mockups for an idea of the kind of experience that is possible.

• Respects user privacy

Unlike other sign-in systems, BrowserID does not leak information back to any server (not even to the BrowserID servers) about which sites a user visits.

BrowserID is highly experimental and we’re still iterating, today we’re happy to announce the launch of a prototype for community review. We’d love for you to try it out and let us know what you think. To get started check out the quick tutorial and demo site.

We look forward to hearing your feedback! Check out browserid.org. File bugs on github. Join our mailing list, or simply tweet and include the #browserid tag.