Mozilla released information today about a project designed to put an end to the password. BrowserID requires a user to verify that they are the owner of an email address a single time. Once the email account is verified, users can simply click the sign-in button at a site using BrowserID and log into the site with the email address. This eliminates the step of creating a password as well as clicking a confirmation email link from each site. At this point, the user can make comments or use other site functions that require an account. Mozilla is hosting a BrowserID server for developers, but sites can implement the protocol without the need for Mozilla’s server.
The technology uses a public key cryptography to verify a user’s email between the browser and the site. This technology is known as “Verified Email Protocol”. There are plenty of alternatives such as OpenID and Facebook Connect, but these present privacy and data concerns according to Mozilla. The advantage of BrowserID is the lack of information traded between the user and the site as well as securing user data from being leaked to other servers.
Despite the somewhat misleading name, BrowserID isn’t tied to Mozilla’s Firefox browser. It works with Microsoft’s Internet Explorer, Google Chrome and Apple’s Safari. It doesn’t require direct support from email providers, but they gain greater control if they do support BrowserID. BrowserID also uses Gravatar to pull an avatar image that can be displayed on the site similar to Facebook Connect.
Mozilla hopes to standardize the protocol by working with other identity providers sure as Twitter, Google and Facebook. Developers and site owners that want to experiment with this new technology can visit browserid.org. A demonstration of the log-in procedure can be seen at myfavoritebeer.org as well.
