Now that most of us regularly use dozens of sites on the Internet that all ask us to remember different login credentials, having a secure way to use a single login and password for all of these sites becomes more and more important (especially given that using the same password for every site – as many people do – is never a good idea). Thanks to OpenID, Facebook Connect and similar solutions, signing in to sites that support those protocols is now a lot easier than it used to be. OpenID, however, never quite caught on with users and using Facebook Connect means that a lot of your identity information is also made available to the sites you want to sign in to. Now, Mozilla, the organization behind the popular Firefox browser, is launching BrowserID, a decentralized protocol that, according to Mozilla’s announcement, will make it easy for users to sign in to websites with their existing email addresses and doesn’t suffer from “lock-in, reliability issues, and data privacy concerns.”
With BrowserID, users will be able to use any existing email address to verify their identity to websites that implement this system. To do so, the system users the Verified Email Protocol. Mozilla also stresses that BrowserID “does not leak information back to any server (not even to the BrowserID servers) about which sites a user visits” and provides “a safer and easier way to sign in.” You can find more detailed information about how BrowserID works here.
How it Works
Basically, this allows you to use your existing email address (so you don’t have to sign up for yet another service) to sign in to a website with just one click (after you have authenticated your browser once before). To see how this works, head over to this demo site and click on the blue “Sign in” button or watch the following video, which includes a step-by-step demo of the service.
Mozilla currently hosts a BrowserID server for developers, but, as Mozilla’s Matt Brubeck notes on a discussion on Hacker News, any site can independently implement the protocol as well.
Not Just for Firefox
It’s worth noting that BrowserID isn’t tied to any specific browser vendor and works just as well in Firefox as Internet Explorer and Chrome. It also doesn’t have to be specifically supported by your email provider, though according to Mozilla, those providers that do support it will be able to provide “a better experience and more control if they do.”
In the future, as browsers implement this feature natively, you won’t have to sign up for a specific service anymore – browserid.org is really just a temporary construct for now. It’s also worth noting that Mozilla hopes to work with other identity providers like Facebook, Google and Twitter to standardize this protocol.