Mozilla develops BrowserID secure sign-in system

Users may soon sign in to various websites minus the hassle of having to remember individual passwords, with a new identity system being developed by Mozilla. Mozilla said its experimental BrowserID system seeks to use verified email addresses as a universal password of sorts to gain access to various sites. "With BrowserID, there is a better way to sign in. BrowserID implements the /verified email protocol/, which offers a streamlined user experience. A user can prove their ownership of an email address with fewer confirmation messages and without site-specific passwords," it said in a blog post. It said the BrowserID service will initially verify email addresses by having the user prove he or she controls his or her email address. Once the email address is verified, a user can use BrowserID to instantly sign in to sites that support BrowserID. Mozilla said the present classic method, which involves verification measures, "demands a user’s time and requires the user to take an extra step and remember another password." It added outsourcing login and identity management to large providers like Facebook, Twitter, or Google is an option, "but these products also come with lock-in, reliability issues, and data privacy concerns." BrowserID advantages Mozilla touted at least six advantages of BrowserID:

• Ease of use: a streamlined one-click experience that feels the same on any site users visit. Developers save time by deploying BrowserID, eliminating the need to implement email verification.
• Security: BrowserID implements the Verified Email Protocol, which is designed with security in mind. Sites get proof of ownership using public key cryptography.
• Cross-browser capability: BrowserID will work on all modern browsers, including recent versions of IE, and on mobile browsers.
• Decentralization: Anyone with an email address can sign in with BrowserID, and email providers can implement BrowserID support to make the system even easier for their users.
• Future compatibility: The prototype is implemented entirely in HTML and JavaScript, but the system is designed to seamlessly integrate into future browsers.
• Respects user privacy: BrowserID does not leak information back to any server, not even to the BrowserID servers, about which sites a user visits.

Meanwhile, an article in PC Magazine said another positive thing for BrowserID is that it makes a user's email address their identity. But it said the experiment so far works only on a few early adopting websites so far. "Until the protocol gains a bigger footprint across lots of popular Web destinations, it's just another identity verification process to go through without a lot of return for your time," it said. — TJD, GMA News