IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Mozilla tackles single sign-on with BrowserID

Launch of new project aims to make multiple logins and passwords a thing of the past.

Password

Mozilla late yesterday launched a new experimental project, called BrowserID, to make it easier for users and developers to handle the sign-in process for websites.

The project uses existing email addresses to replace the login and password details for all of the sites a user may want to log into, such as Facebook, Google or Twitter.

Described by its development team as a "snazzy passphraseless login flow," the project uses a new Verified Email Protocol' from Mozilla that is based on public key cryptography.

Dan Mills, Mozilla Labs engineer, said in a blog posting that the open source protocol enables the project to offer this new approach to universal login.

"Sites get proof of ownership using public key cryptography," he wrote.

"But don't worry, we have a verification service so you can get started without writing a single line of crypto code."

When a user logs into a website BrowserID intercepts the request, allowing them to choose any one of the email addresses they must have already registered with the service in order to authenticate their login.

The one-time verification of email addresses when a user first registers with BrowserID allows the service to use crypto keys in order to vouch for the user's ownership of them, so the website that the user is signing into does not need to.

The success of the service will be largely reliant on getting email service providers to get involved. In return, they will be able to access the data collected on the sites that users log into using BrowserID.

But Mozilla said this would still be a more secure method of password management, as the data will only reside on BrowserID servers.

While single sign-on systems like OpenID have been around for some time now, Mozilla said BrowserID offered a better alternative to identity token-based protocols because its keys worked with the authentication service already provided with email accessed via the web.

In the wiki documentation describing the Verified Email Protocol, Mozilla stated: "A number of web-scale identity proposals start by creating a new identity token for example a user ID or personal URL and go on to describe how to use that token to authenticate the user."

By using existing email addresses, Mozilla claims its system eliminates the need to register an identity token every time the user wants to log into a new website. It said this would make it easier for users and developers to adopt.

And the prototype uses JavaScript and HTML to enable its use on the latest web and mobile browsers.

The company has launched a new website to host links to the BrowserID source code and specifications, designed to encourage end users and website owners to get involved.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Mozilla adds paid tier, new features to developer network platform
web development

Mozilla adds paid tier, new features to developer network platform

25 Mar 2022
Chrome vs Firefox vs Microsoft Edge
web browser

Chrome vs Firefox vs Microsoft Edge

8 Dec 2021
Firefox 95 boosts protection against zero-day attacks
web browser

Firefox 95 boosts protection against zero-day attacks

7 Dec 2021
Mozilla to end support for Firefox Lockwise password manager
web browser

Mozilla to end support for Firefox Lockwise password manager

24 Nov 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Costa Rica declares state of emergency following Conti ransomware attack
ransomware

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022