Lately, I have been very happy to see Mozilla’s new proposed authentication system, Persona, gaining popularity. I have tried it in both my capacities as a user and a developer, and, I have to say, it leaves me eminently satisfied in both.
As a developer, it is fantastically easy to integrate. Given how much of a pain all the password change, account creation, password reset, login, etc. views (with assorted HTML) were, the 3-minute integration of Persona was a godsend. Since I also don’t need to preoccupy myself with securely storing people’s passwords, Persona wins hands down.
As a user, I find it very simple to log in with Persona. It asks you for your email address, asks you to create a new account (and verify it) if you haven’t been there before (or your password if you have), and you’re logged in. To make things better, it recently got Gmail integration, which means that, if you use Gmail, sites that support Persona have now effectively become “Log in with Gmail” sites, without Google knowing which sites you authenticate on. That’s just fantastic.
There is a bit of a blind spot for people who use their own domains for email addresses, though. If your domain isn’t a Persona identity provider (and most aren’t, by default), you have to log in through the built-in provider. While it does the job, that provider is far from full-featured, only allowing you to sign in with one address and a few aliases.
I wanted something more powerful, so I built a new tool to help manage Persona authentication for your domain. I call it Persowna, and it has a number of very useful features for advanced users or businesses:
- Privacy: Your identity provider cannot know which sites you are logging in to.
- Installing it on your domain is a matter of copying a single file to it, so it takes around ten seconds to do.
- It allows you to natively and seamlessly log in to Persona-enabled sites using your own domain.
- Very importantly, it supports Google Authenticator for two-factor authentication. Instantly, all the sites you log in to are two-factor secured.
- It allows for multiple aliases, and wildcard aliases for domains you own. Do you own yourname.com? With a single Persowna account, you can use <any address>@yourname.com to authenticate to sites (you can use this for creating one email address per site, for example, for spam-control purposes). As of this writing, this is in beta testing, but it’s coming very soon.
Persowna is free for now, but my goal is to make it much more useful for organizations. They will be able to issue accounts to their users so the latter can log in to their Persona-enabled intranet sites, or log in to any Persona-enabled site on the internet by using their corporate identity.
I plan to add more types of authentication, and make Persowna integrate better with the already-existing organizational authentication systems (e.g. LDAP). For the moment, however, it works very well for logging into sites with added security (due to two-factor authentication), and allows me to use a single account to log in to any Persona-enabled website using any of my domains.
If you think this might be useful to you, please sign up for an account (they’re free while the service is in beta) and use it. I would appreciate feedback on what your needs are and whether Persowna meets them. If you need something Persowna doesn’t do yet, just send me an email and I’ll be happy to prioritize that issue.
I hope Persowna will be useful to you, and I’d like to hear from you even if you decide not to use it (I’d like to know why and if there’s some other feature you’d find useful instead). You can also leave comments below; I get notified and will read and reply to them.