
Users don't like social login - AndrewDucker
http://identity.mozilla.com/post/45842909320/users-dont-like-social-login
======
jdlshore
In case you're not familiar with them, this blog comes from the Mozilla
Identity team, which is creating a unified login product called "Persona."
It's basically the features of social login (you don't have to create a new
account for every site) without the drawbacks (an advertising-driven company
knowing your every login).

I use Persona on my costs-real-money subscription site[1] and I'm _very_ happy
with it. Integration was easy, the user experience is pretty good, and it's
been stable and reliable. The best thing, of course, was not having to
implement my own password-management infrastructure, which saved me a ton of
time, as well as insulating me from the hard security problems that come along
with such a beast.

If you decide to try Persona, I heartily recommend it. There are a couple of
gotchas to be aware of:

1- On iOS, only Safari works due to Persona using a pop-up window for login.
People using Chrome on iOS will get a confusing "relay frame not found" error.

2- Signup flow could be better. When users create an account, they get a
confirmation email. Clicking the link in that confirmation email redirects
them to the Persona site, _not_ back to your site. It's possible this is
configurable and I haven't figured it out yet.

3- Persona emails are case-sensitive. There are some rare issues that occur as a
result. At one point, it could crash the login, but I believe that's been
fixed.

Don't let these flaws stop you, though--Persona is very well done and
constantly getting better. I've had hundreds of people sign up for paid
accounts and only two have had trouble to the point of asking for help. (And
nobody's cancelled their subscription because of login problems. :-) )

[1] Let's Code Test-Driven JavaScript, letscodejavascript.com

~~~
martinced
_"not having to implement my own password-management infrastructure, ..., as
well as insulating me from the hard security problems that come along with
such a beast."_

But you do realize it does definitely create another, much more serious,
security problem, right? What happens when the single sign-on server gets
compromised? What happens when tokens aren't as secure as they should be (like
the recent OAuth SNAFUs, with an 's')? What happens when you don't pay
attention to all the fine print in the Persona docs stating things like:

 _"Be careful if you don't do this it's going to be easy to forge"_

and:

 _"Guidelines to use Persona securely"_

?

So it can be used insecurely? Like OAuth? Do you think I find it reassuring
that I have to take steps so that things are not easy to forge? What happens when
the latest JavaScript / browser exploits manage to forge requests?

Don't get me wrong: this seems _very_ convenient. But you're trading time for
something here. It saves you time by not having to roll your own security
correctly (a DB into which you put emails and bcrypt encrypted passwords) but
it comes at a price.

The price is the added insecurity that single sign-on adds.

~~~
callahad
> _What happens when the single sign-on server gets compromised?_

Persona has a federated architecture. In the very near future, most users will
_not_ be vouched for by a central authority.

> _bcrypt encrypted passwords_

Don't forget to upgrade everyone to scrypt when that recommendation changes.
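
The "easy to forge" fine print quoted above concerns the relying party's side of the protocol: the remote verifier only confirms that an assertion is validly signed for the audience the site sends it, so a site that passes the wrong audience, or accepts the verifier's answer without checking it, can be logged into with an assertion minted for somebody else's domain. The following is an added example, not code from the Persona project or from either poster: it shows the checks a login handler should make on the verifier's answer. The response fields (status, email, audience, expires in milliseconds, issuer) follow the remote verifier API as it was documented at the time; the sample responses and EXPECTED_AUDIENCE are constructed for this example.

```python
"""Relying-party side of a Persona login: what to check in the verifier's
answer before trusting the email it returns.

Added example, not code from the Persona project or from any poster. The
response layout follows the documented remote verifier API; every response
below is a constructed sample and EXPECTED_AUDIENCE stands in for this
site's own origin.
"""
import time

EXPECTED_AUDIENCE = "https://example.com:443"   # assumption: scheme://host:port of this site


class AssertionRejected(Exception):
    pass


def check_verifier_response(resp: dict, expected_audience: str, now_ms: int = None) -> str:
    """Return the verified email address or raise AssertionRejected.

    The verifier only confirms that the assertion is validly signed for the
    audience the relying party *sent it*; the relying party must therefore
    pass its own origin and reject anything else. An assertion issued for
    another site, or one that has already expired, must never log anyone in.
    """
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    if resp.get("status") != "okay":
        raise AssertionRejected("verifier reported: %s" % resp.get("reason", "unknown failure"))
    if resp.get("audience") != expected_audience:
        raise AssertionRejected("audience mismatch: %r" % (resp.get("audience"),))
    expires = resp.get("expires")            # milliseconds since the epoch
    if not isinstance(expires, int) or expires <= now_ms:
        raise AssertionRejected("assertion expired or carries no expiry")
    email = resp.get("email")
    if not isinstance(email, str) or "@" not in email:
        raise AssertionRejected("no usable email in verifier response")
    return email


# Constructed sample responses, all evaluated at a fixed "current time".
NOW_MS = 1364000000000
GOOD = {
    "status": "okay",
    "email": "alice@example.org",
    "audience": EXPECTED_AUDIENCE,
    "expires": NOW_MS + 2 * 60 * 1000,
    "issuer": "login.persona.org",
}
WRONG_AUDIENCE = dict(GOOD, audience="https://other-site.example:443")
STALE = dict(GOOD, expires=NOW_MS - 1)
FAILED = {"status": "failure", "reason": "assertion has expired"}


def outcome(resp: dict):
    """Classify a response the way a login handler would: (verdict, detail)."""
    try:
        return ("accept", check_verifier_response(resp, EXPECTED_AUDIENCE, NOW_MS))
    except AssertionRejected as exc:
        return ("reject", str(exc))


if __name__ == "__main__":
    for name, resp in [("good", GOOD), ("wrong audience", WRONG_AUDIENCE),
                       ("stale", STALE), ("failed", FAILED)]:
        print(name, outcome(resp))
```

The audience string has to be the site's own origin exactly as the browser sees it, port included; comparing it with anything looser (a prefix, a hostname without the scheme) reopens the cross-site replay the docs warn about.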

------
callahad
Hi, I'm on the Persona team at Mozilla. If you'd like to learn more about what
and why Mozilla is doing with authentication, I gave a 45-minute talk at PyCon
US this past Saturday. You can find the video here:
<http://pyvideo.org/video/1764>

I'm also happy to answer questions in-thread or via email.

~~~
mrweasel
I looked at Persona for a project a friend of mine is doing, and I pretty much
rejected it from the start. Persona seems flawed in that it assumes email as
identity.

I'm a developer on an e-commerce site; when we started out we assumed what
Persona assumes, that email is a unique and stable identity. We found out on the
first day of production that this assumption is flawed. People change
email addresses all the time; it's at least as unstable as their home address,
and most people's phone numbers are more stable.

As software developers we assumed that pretty much no one would ever change
their email address, or that at least they wouldn't discard their old one.
Regular people however do that. They do not care about their email address.

Is this something that the Persona team has given any thought? If so, what
did you come up with?

~~~
Noxchi
Email address is the backbone of web identity. Nearly every registration
system uses it. If you're having trouble with it, maybe, just maybe, it's on
your end?

~~~
mrweasel
If you honestly believe that, I would claim that you either have no customers
or that your customers reside in a very limited sub-section of people.

People do not believe that their email and identity is in any way linked. You
and I might believe that, but don't count on your customers sharing your
beliefs.

~~~
sergiosgc
I'll use a call to authority. Amazon uses the email as identity. If it works
for them, surely it can't be that bad a decision...

~~~
saurik
Nope, like all other large providers (Facebook, Google, etc.) Amazon allows
users to use e-mail addresses to log in, but they are not canonical stores of
identity. In fact, Amazon is the most humorous example you could have pulled,
because Amazon actually allows multiple accounts with the same e-mail address,
and uses the password to differentiate (which is pretty much what jointb86
said, but I doubt if you knew this is the case that his comment was clear).

"Why Does Amazon.com Allow Multiple Accounts With the Same Email Address?"

<http://www.experimentgarden.com/2009/11/why-does-amazoncom-allows-multiple.html>

"Note: If you change the e-mail address on your account to an e-mail address
that is already associated with another Amazon account, we will ask that you
first verify your e-mail address."

--
<http://www.amazon.com/gp/help/customer/display.html/?nodeId=468538>

------
yesimahuman
I think adding social auth was one of the biggest mistakes we made for the
beta of Jetstrap. Users constantly forget which service they use. We added
email/pass authentication, but now older users think they had a password when
they didn't, and with django social auth you can't reset the password for a
social account.

It was one big mess not at all worth it. I'd like to try Persona and see how
that compares, but I think normal email/pass is better than plain social auth.

~~~
snaky
Why not put the way the user logged in last time in a cookie and just
highlight it next time for them? Or, even more explicitly, add "you
logged in this way last time" under the appropriate button?

Technically that's easy to implement.

~~~
tempestn
If a user returns relatively quickly they generally remember how they logged
in. The problem is when they come back after some months. At that point,
they've probably completely forgotten how they logged in, and have cleared
their cookies for some reason or another. It's a standard troubleshooting
step suggested by many websites. (Not saying it _should_ be so, but it is.)

------
nicksergeant
Technical people don't like social login.

Real people (non-tech / nerd) prefer not having to create individual accounts
for all sorts of different services.

I've seen proof of this time and time again.

~~~
mun2mun
One example of this is pud's launch of fandalism.com. When he announced the
site on HN[1] some HNers complained about Facebook-only login. But he was
still able to get 400,000+ signups within 3 months[2].

[1]<https://news.ycombinator.com/item?id=3559081>

[2]<https://news.ycombinator.com/item?id=3850739>

~~~
switch33
A Facebook "only" login is the key here. Given a choice, many people would rather
create a new login or not use Facebook.

------
janus
The worst offenders are sites that lead you into logging in with a social
account and then ask you to add your email and create a password anyway.

~~~
anoncow
Some use social login as an alternative to valid email address testing (at least I
do). It saves money when your outbound email is quota-restricted (App Engine).

~~~
paranoiacblack
Yes, I do this exact same thing. I really don't want to store password on my
side and I'm of the impression that sites like Google, Facebook, and Twitter
do this better than I ever will and that most of the users visiting the site
will have some kind of account on these sites. Ignoring man-in-the-middle
attacks, if one of the above thinks the email is valid, I have no reason not
to.

As a disclaimer, though, I've worked on highly specialized apps where the
users belong to a certain organization bound by one of the above. For example,
I made a website for my school and every student there has an email address
that is tied to that school's Google Apps for Edu account, so I'm guaranteed
that all valid users (students) will be able to log in via Google.

------
FuzzyDunlop
> We also noticed that users dislike the NASCAR-style plastering of branded
> login buttons.

This reminds me quite vividly of Stack Overflow's login page. I can never
remember if I signed up direct, with OpenID, or Google, or whatever else is
there.

I've been starting to dig Mozilla and Firefox again lately (the last week of
developer tools news cemented that), so I'd love to see their idea take off
and gain full adoption.

~~~
larsberg
I rely on LastPass for confusing sites like that one. If it weren't for that
addon, I'd never know, for example, which of the 7 or so Windows Live accounts
that have been generated on my behalf is The Right One for which website.

~~~
nonamegiven
I merely bought and installed an Xbox 360, and now I have a small number of
Windows Live or Hotmail or Xbox accounts; I have no idea which are distinct
accounts and which are linked in some way. Ptthht, ptthht. Trying to cancel
the auto re-up of their Gold account was a nightmare of circular hate. Ptthht.

------
dochtman
If you want to run your own Persona Identity Provider (so you can log in
directly with your own email account and control the authentication from your
own domain/site/server instead of having to remember yet another password for
the fallback Identity Provider provided by persona.org), here's a tiny little
piece of Python code that implements that:

<https://bitbucket.org/djc/persona-totp>

In particular, the authentication method I use is Google Authenticator-
compatible TOTP (RFC 6238).

~~~
StavrosK
That's fantastic, thank you! You just showed me simple examples of at least
two technologies I considered complicated to implement.

------
guan
I don’t like social login, but I do like not having to create yet another
account.

~~~
price
Indeed. The article doesn't make the context clear up front (perhaps because
it's on a blog and partly aimed at people who already know what the blog is
about), but the author and Mozilla have a solution to that problem that isn't
"social". The post mentions it toward the end:

"We built the Persona protocol to reduce data sharing to the minimum needed
for the user to easily log in: the browser mediates the login without leaking
data to the identity provider. _In the end, Persona is the easy login solution
that respects users._ "

Ben is a smart guy, I've read about Persona, and it seems to be really well
thought out and to have learned from the failings of e.g. OpenID. I intend to
use it the next time I need an easy login solution for users.

------
hp50g
To be honest I don't get to see social logins. Adblock and Ghostery seem to
put an end to them and my participation.

And that's the way I like it :)

------
breck
We just implemented Persona across all our sites and are very happy with it.

We did it in a way that's completely independent of our normal email/password
login as well, but integrates seamlessly. That made me really happy, as the
reliability of our system hasn't decreased a bit.

The Persona team was also really helpful, though it turned out we didn't need
much help implementing it.

------
jpdevereaux
While I'd like to agree, I'd also like to see something beyond anecdotal
evidence on this. It'd give me a great excuse next time someone wants a
Facebook login and a Twitter login and a Pinterest login [sic] on the same
site.

~~~
arindone
100% agreed -- anecdotal blog posts should not be up-voted to oblivion simply
because the community at HN agrees with them. (Though I find it ironic that
such a technical community doesn't consider lack of data in arguments like
these an issue.)

------
lubujackson
I love the concept of Persona and hope it catches on. One question I can't
seem to find the answer to, though:

Users are allowed to have multiple emails tied to one Persona account. If they
log in to my site with one email I will see that email address and can bind
their account data to it. If they sign in with their other email address, will
I be able to identify them as the same person?

~~~
kijin
IMO, the whole point of tying multiple email addresses to one Persona account
is to _prevent_ websites from figuring out that both addresses are tied to the
same person.

This is very important when you're trying to build an identity system that you
want every website to adopt. Users want to split up their lives into distinct
identities (e.g. one for professional settings, one for friends, one for
family, one for a secret hobby...). A viable identity system should allow
people to manage such identities with ease and switch between them at a
moment's notice, without letting anybody else find out that @lubujackson on HN
is the same person as @blowjobs on a porn site or a member of an unpopular
political movement. Even if somebody carefully compared HN databases with the
porn site databases.

Having said that, people do change their email addresses a lot more frequently
than web devs assume. When this happens, they need to update their profiles in
every single website where they used the old address. It would be better if my
identity were linked to some sort of key that doesn't change, rather than an
email address. Likewise, if there is a proliferation of Persona identity
providers, some of them will inevitably go out of business after a while. It
should be very easy to migrate one Persona account to another.

~~~
sergiosgc
Persona identity providers should be the email providers. If the email
provider goes bust, then that identity is lost. If they only stop supporting
Persona, then Mozilla steps in and supports Persona on that domain. I think
it's quite an interesting approach.

------
goronbjorn
Mailchimp had similar findings, albeit coming from a different angle:
<http://blog.mailchimp.com/social-login-buttons-arent-worth-it/>

------
mikec3k
I prefer logging in with Facebook or Twitter rather than having to remember
yet another login. You can always revoke access later.

------
shmerl
I wish more sites would start using Persona, instead of privacy disrespecting
FB or G+ login helpers. Even OpenID isn't as widely used as it could be.

------
biznickman
Users always complain about social logins. On iOS apps that I've built, I've
found Facebook login to have something like a 50% conversion. I'd be curious
to hear whether or not the conversion is improved by using Mozilla's Persona
product. Is the only sales pitch here that the login is managed by a non-
profit organization?

Not sure how that makes this a better product overall. Can anybody clarify?

~~~
callahad
Major difference: Social auth outsources your user table. Persona outsources
your password column. You still have your own users, and you still have a
portable identifier for them.

What's more, Persona is built as a fully-decentralized architecture with a
temporary centralized fallback. That means that _one_ button can support _all_
users, via their email provider's native authentication mechanisms (in the
future) or via Mozilla's centralized fallback (for now).

~~~
dasil003
I don't understand your first point. How can you have an app function without
a users table?

The main issue as I see it is just the baggage that comes with a private
company login. For instance, Facebook login raises questions about what
Facebook will do with the login information, and also what the site will try
to do with your Facebook data and permissions. Those questions will
increasingly become a concern for everyone, but beyond that some people have
opted completely out of Facebook because they find it actively harmful and so
they are excluded a priori.

Persona is simply a login mechanism with the user's interest in mind. People
may take it or leave it, but it will be on its own merits rather than being
overshadowed by needlessly related general concerns with a third-party
product.

------
bozho
And here's my How-To for adding Persona authentication to your site:
<http://techblog.bozho.net/?p=1056>

~~~
callahad
Thanks for that post! Do you have any suggestions for how the official
documentation (<https://developer.mozilla.org/en-US/docs/Persona/Quick_Setup>)
could be improved?

~~~
bozho
Hi. I have to confess I neglected my promise to contribute to the official
documentation, but I haven't found the time.

------
lukeh
We (PADL) have developed a SASL/GSS mechanism for Persona, which you can get
here:

<https://github.com/PADL/gss_browserid>

Internet Draft here:

<http://tools.ietf.org/html/draft-howard-gss-browserid-00>

This lets you use Persona to authenticate to non-web services such as IMAP,
SMTP, SSH, NFS, CIFS, etc. We (or should I say, I) are pretty excited about
it!

~~~
StavrosK
Hey, that looks very interesting! I hope it goes places.

------
recurser
Just a random data point, but one of my apps with a definite non-technical
demographic gets 97% of logins via facebook, 2.5% via twitter, and 0.5% via
email/password registration. I haven't tested it obviously, but I don't think
removing Facebook login would do much for conversions.

------
AznHisoka
There's an "evil" incentive to have social logins such as Twitter + FB. It
gives you a free access token, which can be extremely useful, especially if
you're building a social media analytics service, or some sort of tool that
requires making API calls.

------
Aissen
Meanwhile, the Persona vs Personas mess is not fixed yet:

<http://www.getpersonas.com/>

<https://persona.org>

Context: Personas should have been renamed to "Themes". But apparently it's
not done yet.

------
muratmutlu
"Lesson 2: Social Sign-in is Better Than Email Sign-in

After dozens of failed A/B tests to improve the conversion rates of our landing
page, we came up with the idea to enable social sign-in (i.e., signing up for a
Buffer account and logging in using your Twitter, Facebook or LinkedIn account).

After all, Buffer is for posting on Twitter, Facebook and LinkedIn so it only
seemed logical that our potential users would be able to quickly and
conveniently sign up using one of their existing accounts."

<http://sixrevisions.com/user-interface/ux-design-mistakes/>

------
daredevildave
This is exactly what I said to Ben when we implemented Persona at PlayCanvas.

Social logins might be OK if you are making a photo-sharing app or a social
newsreader, but if your business relies on _companies_ signing up, my
suspicion is people won't be comfortable signing up with their Facebook
account.

We wanted the benefits of a secure login system without all the social
baggage. Persona provides that. Though we also support Google OpenID as lots
of people already have a GMail or Google Apps account.

As an aside, I won't sign up for _anything_ using Facebook, I simply don't
trust them or the app not to broadcast my every move to people.

------
drdaeman
I really hate when my identity is _provided_ to me by some third party. It
universally applies to both social networks and Persona. I don't like the very
idea of leasing my own identity.

This said, I really wish the Persona project will fail as much as possible.

I only hope there'll be a day I'll finally truly _possess_ my own network
identities, and third parties (social networks, email providers, etc) will act
as notaries who just _assert_ them for others to verify.

~~~
TheCoelacanth
> I only hope there'll be a day I'll finally truly possess my own network
> identities, and third parties (social networks, email providers, etc) will
> act as notaries who just assert them for others to verify.

If you have your own domain name, that's exactly what Persona does. The
protocol is completely decentralized. Mozilla only provides a fallback for
domains that don't support Persona.

~~~
drdaeman
I believe domain names are still inappropriate for identities. Even XRI
i-numbers were a better idea.

One just can't own a domain name. It can only be leased for a limited time,
for a price, and even then, at least in some TLDs, one can't be sure the lease
won't be revoked at someone's whim. There's no real difference whether one
leases an email address from a provider or a domain name from a registrar.

Maybe I'm overzealous about it, but I really wish to be _the_ source of my own
identity and possess it like I possess my GPG key.

------
jvandenbroeck
Bold claims without any evidence backing them up.

~~~
malbiniak
I'm glad to see I'm not alone.

I had high hopes of seeing data and research (no offense, TechCrunch) to
support this claim. I'm in the camp of not liking social authentication,
especially when it's the only option, but I'm also a sample set of 1.

------
SeanDav
I agree very much with this. What I do is use "dummy" facebook, google, email
etc accounts to log into sites that either require social logins or make it
easy to try with social logins, but that I don't trust yet.

I am generally suspicious of sites that require or "encourage" logins with
social details.

------
mixmastamyk
In case anyone was wondering (like I was), Mozilla Persona is built on
BrowserID introduced last year.

------
meerita
I'm a 1Password user. I don't have to trouble anymore with logins or selling my
ID to Facebook, Twitter or Google. I only use social login on those apps where the
owners think you only need Twitter/Facebook as the option to use their apps.

------
adrianhoward
"Users don’t like social login" should actually read "Some people don't like
social login in some contexts - other people like it, or even prefer it, in
others".

At least that's what I've seen in user testing... but that's not as
interesting I guess.

------
neilkumar
With regards to the last point (privacy from your identity provider), isn't
that somewhat moot for most sites, as they have those
Facebook/Twitter/Google+/etc. share/like/plus icons that report back anyway?

------
anonfunction
The point about having multiple providers and forgetting which one you used
rang true to me. My go-tos are Twitter, Google, or GitHub and it seems I change
based on the type of app I'm connecting with.

------
switch33
Surprisingly, companies are finally realizing this. As if companies really
thought people would not care about giving away all their unneeded 'social'
information for some random x or y service.

------
StavrosK
To see an example of Persona, you can visit <http://www.yourpane.com> and
click the "Persona" button (don't enter an email address).

------
k_bx
Biggest problem with social login for me is that I have all of them (google,
twitter, facebook etc.), and sometimes multiple (google, twitter).

------
jsp78
Is there an option to not provide my email as part of the "identity" because I
could see that being a barrier to signing up for some sites?

~~~
callahad
You must provide _an_ email address, but you're free to use disposable or
other addresses.

------
lnanek2
It would be nice to see actual user studies rather than quoting TechCrunch.
Tech journalists are not everyone's target market.

------
vxNsr
Relevant XKCD: <http://xkcd.com/927/>

------
harryh
Claiming what users like or do not like without metrics is deeply suspicious.

------
hawkw
This just in: users don't like social login, water is wet, sky blue..

------
uribs
Yes, actually we don't want ANY login/registration.

Just put auth info in a cookie, and let the user associate it with an e-mail
address later, once he actually knows he will keep using the service.

I believe "I can't be arsed to register" is one of the top reasons websites
lose prospective users.

~~~
mrweasel
That is absolutely true, or at least I think it is. The single best thing we
did was to allow our customers to make a purchase without being logged in.

If the email address entered on our checkout page is already in our database,
we link that purchase to the relevant account. If the customer wants to log in,
they can; if not, that's cool too. We get a lot of wrong matches which need to
be fixed, but that seems to be a price we can and will pay.

We have had customers adding orders to other people's accounts because their
email address was entered wrong (even though we require the customer to enter
the email twice), and we have customers ending up with multiple accounts that
we need to merge. Despite all the problems, customers love not having to log
in before making a purchase. It's hit and miss in a few cases, but we try to do
what our customers expect, matching their purchase to their account,
regardless of login credentials. That's what consumers want.

~~~
tracker1
We did the same thing with one of the sites at work... You can make a purchase
without logging in, and the related emails for a given order include a token so
you can see that order's status without logging in. If there isn't an account at
that email, we generate one with a few space-separated random words, and email
the user... password recovery is email only and pretty easy. All in all, the
user experience has been pretty well received.

Now that I've seen this in practice, it would be my preferred way moving
forward. It didn't/doesn't take that much effort to do things this way. The
bigger issue is the occasional phone order: our demographic is mostly men
50+, so some genuinely don't have email... we use an internal address in that
case...

~~~
tracker1
I meant: we generate an account where the password is some random words...
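
The two posts above describe the same guest-checkout pattern from two sides: a per-order token in the confirmation email that opens the order status without a login, and orders matched to an existing account by the address typed at checkout, which is where the "orders landing in other people's accounts" problem comes from. The following is an added example, not code from either poster's site, showing one way to keep the convenience while closing that gap: the token is random and only its hash is stored, links expire, and an order is attached to an existing account only once the emailed link has actually been used, i.e. once somebody has shown control of that mailbox. The in-memory store, the accounts, order ids and addresses are constructed sample data, and ORDER_LINK_TTL is an assumed policy value.

```python
"""Guest checkout with emailed per-order access tokens and verified account
linking.

Added example, not code from any site discussed in the thread. The store is
in-memory and every account, order id and address used with it is constructed
sample data; ORDER_LINK_TTL is an assumed policy value.
"""
import hashlib
import hmac
import secrets

ORDER_LINK_TTL = 14 * 24 * 3600   # assumption: emailed order links expire after two weeks


def _token_hash(token: str) -> str:
    # Store only a hash so a leaked orders table does not yield usable links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class Shop:
    def __init__(self, accounts: dict):
        # accounts: account_id -> registered email address (constructed sample table)
        self.email_to_account = {email.strip().lower(): aid for aid, email in accounts.items()}
        self.orders = {}

    def place_order(self, order_id: str, email: str, now: int) -> str:
        """Record a guest order and return the link token to send by email.

        The order is deliberately NOT attached to an existing account here,
        even when the address matches one: a mistyped address would otherwise
        drop the order straight into a stranger's order history.
        """
        token = secrets.token_urlsafe(32)      # 256 bits from the OS CSPRNG
        self.orders[order_id] = {
            "email": email.strip().lower(),
            "token_hash": _token_hash(token),
            "issued": now,
            "account": None,
        }
        return token                            # goes into the email once; never stored in clear

    def view_order(self, order_id: str, token: str, now: int):
        """Resolve an emailed link; None if unknown, expired or the token is wrong."""
        rec = self.orders.get(order_id)
        if rec is None or now - rec["issued"] > ORDER_LINK_TTL:
            return None
        if not hmac.compare_digest(rec["token_hash"], _token_hash(token)):
            return None
        return rec

    def claim_order(self, order_id: str, token: str, now: int):
        """Attach the order to the matching account only when the emailed link
        is used, i.e. after someone has demonstrated control of that mailbox.
        Returns the account id, or None for a true guest or a bad link."""
        rec = self.view_order(order_id, token, now)
        if rec is None:
            return None
        account = self.email_to_account.get(rec["email"])
        if account is not None:
            rec["account"] = account
        return account

    def orders_for_account(self, account_id: str):
        """What the logged-in account holder sees: only orders claimed via their link."""
        return sorted(oid for oid, rec in self.orders.items() if rec["account"] == account_id)


if __name__ == "__main__":
    shop = Shop({"acct-1": "bob@example.org"})
    link_token = shop.place_order("o-100", "Bob@Example.org", now=1000)
    print("before claim:", shop.orders_for_account("acct-1"))
    print("claimed by:", shop.claim_order("o-100", link_token, now=1000))
    print("after claim:", shop.orders_for_account("acct-1"))
```

Account merging for customers who end up with several accounts is a separate workflow; the point here is only that an unauthenticated checkout never writes into someone else's account on the strength of a typed address alone.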

------
IheartApplesDix
As hard as remembering different passwords for different sites is for the end
user, I really think it's about time the user took a step toward meeting
security and engineers in the middle.

Did 20th century humans think key rings were too complicated? Why are we
implementing tokenization, one way hashing, etc. when the end customer can do
this much more securely? Oh yeah, we'd like to get at their data when they're
not around..

~~~
martinced
Exactly. But sadly you're in a tiny minority of people thinking about the
security implications. Most developers don't, which is why we're having
countless OAuth exploits and whatnot.

Schneier wrote a long time ago that anything too complex cannot ever be secure.
That's the case with OAuth and with _many_ federated/unique/single sign-on logins.

------
IheartApplesDix
I doubt users really care about what type of login they use. Instead, users
are starting to associate social logins with spammy bullshit, the federated
identity marketed shitfest of Web 3.0, built on the SAML/HTML5-based
intellectual property and rights forfeiture platform.

------
fakeer
I actually do not log in to websites that ask me to log in using a Google a/c,
Facebook or so. Twitter is an exception because everything at Twitter I've
made public anyway, but I still hesitate.

~~~
paranoiacblack
That's a strange opinion to have though, because before doing login through
either of these services, you will be asked if you want to give that app
permission to certain parts of your account. For example, I might have you log
in through Google to verify your email and I don't see a reason why you
wouldn't let me see it; you've already shared your email with my app to
register an account in the first place.

~~~
fakeer
I should have been clearer.

Most websites do not just ask for email. Most ask for other info too, like my
DOB, full name and other profile information. And when I say I "do not use", I
am talking about first-time logins of course. I don't really know what kind
of a website it is, legit or just vapour. And I do not know in advance what
information it will ask for.

Take the example of The Old Reader: until recently they wanted to take control
of your Contacts too (along with Reader; now they don't). I knew it once I was
past the Google sign-in page (and I aborted right there). It was frustrating
even for those few seconds. Many do this.

So, I have given up on them altogether.

I mean, I have OpenID accounts set up especially for this with the data I would
like to provide for this. There's Mozilla's Persona (its identity management
system), etc. Why not use these?

And do not even get me started on Facebook. I don't open a website again if
the only way to log in was via Facebook. Paranoid? No, rather pissed off. (By
the way, whenever I tried using Facebook logins the above-mentioned problems
surfaced in even greater multitude.)

~~~
mynameisvlad
Because _everyone_ has Google, and the lowest setting on Sign in with Google+
contains some personal information from your account, including things like
DoB, Full name, etc. Google recommends OAuth2 over OpenID for authentication,
and I'd rather be using the service Google supports the most in order to
provide the best experience to users.

Just because you use OpenID and Persona doesn't mean that the majority of
people will. But the majority of people will have a Gmail account, or a
Facebook account.

------
martinced
The biggest problem with "social login" ain't about advertising companies like
FB and Google having all your info.

The biggest problem has actually nothing to do with social: the problem is the
security of all these single sign-on / unique IDs.

We're in 2013 and hardly a day goes by without a major security exploit found
affecting Rails, Java, OAuth, Flash, etc. There are so many botnets out there
that sites we rely upon for our daily workflow are getting taken down
(GitHub)...

Yet people don't talk about security. They don't even mention it. Not in
TFA. Not in this thread (besides two insightful comments).

As long as people keep thinking that they can put all their eggs in one
basket online and "really really have this basket by hyper-secure" we're gonna
be in big trouble.

It doesn't help that several people on HN are selling snake-oil products:
_"put all your passwords in this unbreakable app, we guarantee you nothing bad
could ever happen"_.

~~~
callahad
> _As long as people will keep thinking that they can put all their eggs in
> one basket online and "really really have this basket by hyper-secure" we're
> gonna be in big trouble._

That's why Persona is based on a federated protocol: it's designed to spread
your eggs across many baskets, and it even lets individuals bring their own
basket.

