Hacker News new | past | comments | ask | show | jobs | submit login

Anyone who wants to see a demo of it, just sign-in here (top right): https://login.persona.org/

Anyone who wants to see how easy it is to deploy (JS on your page, a button, and callback verifier on your server): https://developer.mozilla.org/en-US/Persona/Quick_Setup

Anyone who wants to see it in action: https://www.lfgss.com/

I love everything about Persona except for the fact that Mozilla are no longer supporting a team around it, and it was given to the community in almost an abandon-ware fashion.

The idea that this could have made an impact faster is laughable, choosing an auth provider is such a slow process requiring considerable points of trust to reinforce it... one of the most significant points of trust was Mozilla itself, but it also needed a social reinforcement as more people adopted it. Mozilla didn't give Persona the time it needed.

My criticisms of Persona are nothing to do with the fungible nature of email as identity, which I think is OK enough in principle (it's no less identifying than anything else and changes less frequently than a phone number), but to do with:

1) The way Persona wants to centrally log-out from all sites, when a user's experience is that they can sign-out from one site and remain signed-in on another.

2) The lack of 2FA in the default instance they shipped/supported.

3) Some of the phrasing and language confuses users, especially after changing to Persona. i.e. They were still a user on my site identified by email address, but Persona would declare that they were not recognised... so I'd have to spend time telling the user to ignore that and sign-in anyway.

The core product though, was exactly what the web needed, and exactly what I needed for all of the sites I run.




To address some of your points:

1) That is completely controlled by the site owner. In my sites, for example, I just disabled the Persona JS while the user was logged in, so there was no global log-out possible.

2) I believe the bridge was just a proof of concept, with the intention of email providers supporting Persona directly so all the security could be implemented there. I know you said "default bridge", but my side-project here supports 2FA: https://persowna.net/

3) That is very true, some UX changes were necessary, but imagine if the browser itself could just pop up a window saying "do you want to log in to this site using your email address? Yes/No", done.


If you're so supportive of Persona, why don't you make your work in the area (persowna.net) FOSS?


I just might.


I just tested the sign-in demo, on persona.org & lfgss.com. Persona feels like the on shared 1st place best login experience I've seen.

Actually marginally better than Gmail, for me, because with Persona, I understood which address I signed in with, at lfgss.com. Gmail, however, doens't let me know which account I sign in with, if I'm logged in with just one of my Gmail account. Then Gmail silently assumes that's the account I want to use, although it might not be. Persona, however, clarified which Gmail account I was using.


It does get better, if you have more than one email address associated to your Persona ( via https://login.persona.org/ ) then during sign-in you are asked which you'd prefer to use. Then it's really clear which is used.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: