Mozilla released a new federated login mechanism to replace the login process on many Websites. Using the new systems, users won’t have to remember unique passwords for each site.
Called BrowserID, because it is a browser-based login mechanism, the experimental system uses the Verified E-mail protocol to register user e-mail addresses, Mozilla said. The user enters an e-mail address and a password to register with the BrowserID system. After clicking on a link in a confirmation e-mail, the user has confirmed ownership of the e-mail address and can use it on any site that supports BrowserID.
The idea is that instead of registering and entering login credentials on every Website, the user will clicking on the BrowserID button someone on the site and have it check the system to verify the user before giving access to the site.
“A user can prove their ownership of an email address with fewer confirmation messages and without site-specific passwords,” Mozilla said.
The Website owners will use HTTP and JavaScript to implement BrowserID. The system is designed to respect user privacy and will not leak any data back to the sites.
While Websites can outsource login and identity management to larger service providers such as Facebook, Twitter or Google, many smaller sites are worried about lock-in and data privacy. From a security standpoint, many sites don’t feel up to the complexity of storing registration information securely, and users are overwhelmed with the task of maintaining numerous complex passwords for every site.
BrowserID will work on other browsers, including Internet Explorer.