Mozilla Persona Now Accepts Gmail Credentials

Persona provides single sign-on authentication without the social network baggage.
Mozilla says that its Persona online authentication system can now authenticate Gmail users at any participating website.

Persona is designed to allow people to sign in at websites using their email address rather than a site-specific login and password. The advantage of this is that users don't face the burden of creating a new account and password that needs to be remembered and websites can authenticate visitors with less friction.

In order to sign in using Persona, the user's email provider needs to support the system. If it doesn't, Mozilla has to resort to sending a confirmation email and the recipient has to click on the link to confirm his or her control of the relevant email address.

[ Will this approach end the need for dozens of passwords? Read Mozilla Persona Aspires To Kill Passwords. ]

However, in April, Mozilla introduced Identity Bridging, a technique that eliminates the need for a confirmation email by verifying users through their email provider's OpenID or OAuth gateway.

That month, Mozilla announced a Persona Identity Bridge for Yahoo Mail, which allowed Yahoo Mail users to use their email addresses to sign in at any Persona-enabled website. On Thursday, Mozilla added Gmail to the mix, growing the number of potential Persona users to 700 million just among those two free email services.

"Today, we're happy to announce a new Persona Identity Bridge for Gmail users," said Mozilla engineer Dan Callahan in a blog post. "This means that every Gmail user can now sign into Persona-powered websites with just a few clicks using their existing account credentials. No new password required."

Callahan suggests another potential benefit of Persona is privacy: Google cannot track Persona logins via Gmail at third-party websites (nor can Yahoo).

This isn't quite the privacy one can get with Tor and TrueCrypt, however. Like other ad-driven companies, Google can track its users in other ways, using an anonymized identifier in an advertising cookie, for example. And many Google users have already consented to allow the company to store a history of the websites they've visited.

The privacy benefit Callahan cites is further diminished by the fact that Persona provides third-party websites with access to the user's email address. Web businesses, of course, prefer it to be thus, so they can understand who their visitors are and can communicate with them when appropriate. Nonetheless, Persona has value at least as a vote against social network authentication systems like Facebook Login and Google+ Sign-In.

Websites that wish to implement Persona can do so fairly easily. It's not quite drop-in code, however: Mozilla suggests integration can be done in a single afternoon.