Email login – with Mozilla Persona
Posted 18 October 2013 12:47
As described in my article ‘User Registration, Log in and OpenID’ (written in September 2009), we removed the ability to log onto this website via e-mail and replaced it with OpenID authentication. The main reasons for doing this were speed, simplicity and security.
When OpenID came out, website owners were quick to embrace it and it is widely used by millions of websites and apps today. The problem is that although it’s a great bit of technology, there is also some confusion, fear and scepticism around it from the user community – this presents a problem if it is your only allowable method of logon to your website!
Because of the distrust/confusion from users, some large sites decided to remove their support for OpenID authentication and replaced them with email and password authentication. It is worth reading the articles from 37signals and MailChimp about their decisions to do this.
We don’t like the concept of standard e-mail (or username) and password authentication because it isn’t a defined standard, it isn’t a shared, coherent solution, it has issues and it doesn’t make any attempt to resolve any of the issues. The issues with it are:
1) The user has to remember the e-mail address or username that they signed up to the website with
Usernames present a bigger problem because they are less likely to be unique, so a user may have more than one username that they use on the Internet.
They may also use more than one e-mail address that they use on websites.
2) The user has to remember the password
Many websites have different criteria for passwords, or they may require you to change your website on a regular basis. This means that you may have multiple passwords for multiple sites. Indeed, it is actually good practice to have a different password for every single website you access.
Some websites store passwords in clear text – and some even e-mail that password to you in clear text. This is extremely bad practice as it is unsecure.
3) It’s slow to enter data
The process of entering a username and password is slow.
4) It’s open to errors
Users often make typos. If they make a typo on the username, email address or password, they need to be notified and then have to manually check and correct the error.
Now there is a solution that allows people to authenticate with their email address, not use a password and is fast and secure. It’s called Mozilla Persona.
Its key benefits are:
- No passwords
- Remembers which email addresses you used for which websites
- Links all of your websites to a single Persona user account
- Works alongside OpenID authentication
We have added it to this website, as well to PlateJobs (our recruitment site). It will be interesting to see how popular this method of authentication becomes.
We have also made the logon page cleaner by removing most of the text and replacing some of the images with nicer ones.
Old login page:
New login page: