
I don't trust any "organization" to store and manage my passwords. A single subpoena to Mozilla for a divorce proceeding or whatever could unleash cascading consequences upon you.


It's not really a "password manager"; it uses signed assertions instead of plaintext passwords. It is similar to client certificates, but with a much better UI.

Plus, your keys are stored in the browser, according to callahad, so Mozilla doesn't have to know where you signed up: http://news.ycombinator.com/item?id=4232774

Also, in the future you probably won't even need to contact Mozilla anywhere in the process: your browser will store your certificates for you, natively.


The system is designed to allow your email provider or another Identity Provider that you trust to store your password instead of Mozilla.

Your identity provider just has to implement the BrowserID protocol https://developer.mozilla.org/en-US/docs/Persona/Identity_Pr...


So what happens if my email account gets hacked? Won't this compromise all my accounts then?


This problem exists today. I can do "forgot my password" on many sites and owning your email account can change the passwords and log in to them.

Persona doesn't attempt to solve this existing problem.


Thank goodness Persona isn't a password manager then.



