Mozilla launched BrowserID to make it easier and safer for users to log in to web sites by reducing the number of passwords they have to remember. Browser ID is an open source experiment from the Identity Team at Mozilla Labs.
BrowserID is a decentralized identity system that makes it possible for users to prove ownership of email addresses in a secure manner, without requiring per-site passwords. BrowserID is hoped to ultimately become an alternative to the tradition of ad-hoc application-level authentication based on site-specific user-names and passwords. BrowserID is built by Mozilla, and implements a variant of the verified email protocol.
- Easy to use: Users gain a streamlined one-click experience that feels the same on any site they visit. Developers save time by deploying BrowserID, eliminating the need to implement email verification. Check out the links at the end of the post for more information.
- Secure: BrowserID implements the Verified Email Protocol, which is designed with security in mind. Sites get proof of ownership using public key cryptography—but don’t worry, browser id have a verification service so you can get started without writing a single line of crypto code.
- Cross-browser: BrowserID will work on all modern browsers, including recent versions of IE, and on mobile browsers!
- [advt]Decentralized: Anyone with an email address can sign in with BrowserID, and email providers can implement BrowserID support to make the system even easier for their users.
- Respects user privacy: Unlike other sign-in systems, BrowserID does not leak information back to any server (not even to the BrowserID servers) about which sites a user visits.
BrowserID uses email addresses to identify users
Users understand that an email address is like a persona. People typically have a work email, a home email, and maybe more. For developers, email addresses are useful, too: they are unique and provide an obvious contact mechanism when developers inevitably need to contact their users. With OpenID, the user’s email address may be available to Web sites requesting authentication, or it may be absent. In any case, it’s not the identifier.
BrowserID protects the privacy of your Web activity
With BrowserID, by design, your identity providers are not involved in the login transaction. This means they need not be aware of your entire Web activity, a significant privacy advantage. With OpenID, your identity provider is, unfortunately, a necessary participant in the login flow.
BrowserID can be smoothly integrated into the browser
Web-based login systems may increase the risk of phishing attacks if users become accustomed to typing their password into a dialog that an untrusted web site opens up for them. So, eventually, mozilla want the login activity to happen within an easily recognizable, fully trusted browser UI. Because OpenID was designed primarily for use with zero browser intervention, it’s difficult for the browser to step in and provide that more secure login experience. Mozilla Labs designed BrowserID with the specific goal of making it easy for browser vendors to implement directly, without preventing pure HTML implementations.[source]