
Designing for failure - jsnell
https://lwn.net/Articles/711912/
======
niftich
It's not apparent from the headline, but this is an examination of why Mozilla
Persona failed.

Most of the points raised here (e.g. needing third-party buy-in, popup UI
built into browser, endpoint fragmentation, problems with communicating the
use-case to users) have been overcome and solved by U2F, a technically
distinct effort (for two-factor authentication) but one that users might
perceive as having some overlap. So perhaps the question to ask is, what sorts
of factors helped U2F that didn't/couldn't help Persona?

~~~
closeparen
Adopting Persona (or any "outsourced" login system) feels like giving up
control of your users table to some third party. As with OAuth and OpenID
before it, major websites want to be providers at most; no one wants to be a
relying party.

Adopting U2F feels like getting a serious enterprisey security system (smart
cards) in an open-source, hacker-ethos way. It doesn't feel like giving up
control because no one in U2F's target audience (besides Amazon Web Services)
was already managing their own smart card deployment.

~~~
CaptSpify
> Adopting Persona (or any "outsourced" login system) feels like giving up
> control of your users table to some third party.

I personally agree with you, but everyone is tripping over themselves to give
control to FB, G+, Disqus, etc.

~~~
wstrange
That is not an entirely irrational decision for many web sites.

There is a liability that comes from maintaining accounts and passwords in
particular. It can make sense to let the large players take on that risk.

~~~
CaptSpify
I don't think it's entirely irrational either. It sure makes sense in some
situations. I'm just not easy with giving something so vital to the health of
a site to a 3rd party.

------
callahad
There's a recording of this keynote at
[https://www.youtube.com/watch?v=3dDGkLHOldw](https://www.youtube.com/watch?v=3dDGkLHOldw)

There's also a more in-the-weeds braindump of where Persona went wrong at
[https://github.com/portier/portier.github.io/blob/master/Oth...](https://github.com/portier/portier.github.io/blob/master/OtherProjects.md#portier-compared-to-persona)

The actions we've seen from the executive branch this past week should
underscore the importance of building decentralized alternatives to systems
that forcibly route users through American corporations.

Persona failed.

Build something better.

