I don't see how this solves having to make up new passwords. If I understand correctly, it makes everything use the same password, so why not do that in the first place if you don't care about security?
Interesting approach, but why would you like to tie your ID to your e-mail? I like to have a unique e-mail alias on every service I use. That way I can just remove the alias if the service gets hacked or starts to misbehave. I still encourage people to use OpenID.
I don't really see the point to this, except as a few more clicks to punish me every time I give a new unique e-mail alias to a site I'm registering on.
Can BrowserID be delegated like OpenID?
How do sites know they can trust me if I'm acting as my own Identity Provider?
Is there a worthwhile means of feedback that doesn't require me to clutter up my inbox with a mailing list subscription? (I've already checked and dev-identity isn't NNTP-accessible via GMane)
Great... another company that will have sell-able info about you. I prefer different passwords, and different IDs. If one gets hacked, then I'll still have the others. The idea is nice, but it's for lazy people who most likely have "qwerty" passwords. This is a huge security issue to me.
This sounds an awful lot like 1Password, except for the fact that 1Password is already shipping for every major platform, more secure, and leaded with more features. Did I mention that 1Password syncs with DropBox?
I'd like to know more about how hard the system is.
Being able to sign into accounts on website offers massive potential for abuse and if this gains widespread usage it would surely be a large target for hackers.
They could, if they could breach the system, simply war-browse popular sites like amazon with huge lists of gathered e-mails waiting for one of the doors to pop open.
@vthunder0 i have literally hundreds of accounts spread across the web and am most often stopped cold having to reset my password because of arcane requirements for my password or a site that works in conjunction with other sites which wrecks my ultra-secure formula for creating new passwords. but what i found most interesting is that you can use multiple email addresses, which means that i can use one for this type of business, one for that, one for personal, etc. and that's great!
I don't see how this solves having to make up new passwords. If I understand correctly, it makes everything use the same password, so why not do that in the first place if you don't care about security?
Dayantos 1 month ago
Interesting approach, but why would you like to tie your ID to your e-mail? I like to have a unique e-mail alias on every service I use. That way I can just remove the alias if the service gets hacked or starts to misbehave. I still encourage people to use OpenID.
Adolphsson 2 months ago
Sweet! I do so hope M$, Google and Facebook, obviously not Apple, support this and work with you guys.
Be nice to have a history page on the backend so can check what email is authorized with what site, logon times, etc.
groMMit1981 2 months ago
Do developers get the user's email address? So they can email them with newsletters or whatever
Liam0441 2 months ago 3
@Liam0441 Yes they do!
vthunder0 2 months ago
@vthunder0 Great! This looks so simple!
Liam0441 2 months ago
@Liam0441
You give them your email address anyway when signing up to a site.
simonw1485 2 weeks ago
cool! it works, i post a ajax post over with jquery and then i verifyed :P
ilikewebm 3 months ago
are you also interested in photography...? You talk like Gordon Laing !! :P
meetarnav 6 months ago
I don't really see the point to this, except as a few more clicks to punish me every time I give a new unique e-mail alias to a site I'm registering on.
Can BrowserID be delegated like OpenID?
How do sites know they can trust me if I'm acting as my own Identity Provider?
Is there a worthwhile means of feedback that doesn't require me to clutter up my inbox with a mailing list subscription? (I've already checked and dev-identity isn't NNTP-accessible via GMane)
ssokolow 6 months ago
Great... another company that will have sell-able info about you. I prefer different passwords, and different IDs. If one gets hacked, then I'll still have the others. The idea is nice, but it's for lazy people who most likely have "qwerty" passwords. This is a huge security issue to me.
DMizuho 7 months ago
Looks interesting! XD
vi00097 7 months ago
So if someone hacks your email, you're completely fucked with every other website?
DJImpulser 7 months ago
What the hell is this? What do we have lastpass for? Stop copying ideas and improve your browser Mozilla !!! >:(
Jaimemiguel07 7 months ago
@Jaimemiguel07 if you don't get it, stfu.
kaisellgren666 7 months ago
This is exactly like LastPass addon which is damn awesome! Especially because there's autologin feature too, i prefer LastPass.
TheAslanDA 7 months ago
About time!
kshep92 7 months ago
i was thinking retina eye scans /finger print pictures in every website loging would be better
frvfilms 7 months ago
I don't drink beer.
conspiritor2 7 months ago
What happens if you don't have a favourite beer?
cgpilk 7 months ago
For those of you asking how it's different from OpenID, The H did an article that goes in depth about the inner workings.
Techdude300 7 months ago
This sounds an awful lot like 1Password, except for the fact that 1Password is already shipping for every major platform, more secure, and leaded with more features. Did I mention that 1Password syncs with DropBox?
drinkonlyscotch 7 months ago
I'd like to know more about how hard the system is.
Being able to sign into accounts on website offers massive potential for abuse and if this gains widespread usage it would surely be a large target for hackers.
They could, if they could breach the system, simply war-browse popular sites like amazon with huge lists of gathered e-mails waiting for one of the doors to pop open.
thelastmike 7 months ago
Lastpass does better job imo.
DuSh4n 7 months ago 3
I really don't want to be That Guy, but when people at Mozilla will stop reiterating on present ideas?
b0h3ma 7 months ago
@b0h3ma But OpenID hasn't taken off (Because it is too complicated for normal users?).
cgpilk 7 months ago
Just nitpicking, but it's Guinness, not Guiness...
D4v1d04 7 months ago
Thanks for the comments! a few points:
Check out the hacker news thread for a lot of good discussion btw. a few points:
- you can ask "which email do you want to use to sign into this site?" and non-technical people understand what you mean
- VEP (the underlying protocol) does not leak info about where you are signing into back to the identity provider
- it's really easy for sites to implement, see the browserid site for a quick tutorial
- it's also easily implemented natively in the browser
vthunder0 7 months ago
@vthunder0 i have literally hundreds of accounts spread across the web and am most often stopped cold having to reset my password because of arcane requirements for my password or a site that works in conjunction with other sites which wrecks my ultra-secure formula for creating new passwords. but what i found most interesting is that you can use multiple email addresses, which means that i can use one for this type of business, one for that, one for personal, etc. and that's great!
havenbastion 7 months ago
Great Demo - but you spelt Guinness incorrectly. :-)
johnoandsarah9000 7 months ago 4
@johnoandsarah9000 oops :-P
vthunder0 7 months ago
Excellent demo!
How is this different from OpenID? Is it somehow more intuitive for typical users? Is it more secure? More browser integrated?
mc4ndr3 7 months ago
I'm surprised they haven't implemented this in chrome by default - especially since you can sync your browser already...
wartex8 7 months ago
How is this different from OpenID?
BuzzedWord 7 months ago 27
@BuzzedWord came here to ask the same question. google/twitter/facebook provides similar functionality as well. OAuth?
Sushubh 7 months ago 12
@BuzzedWord more secure technology behind it i think (public key authentication)
lowtone10 7 months ago
@BuzzedWord Instead of using a server to verify your identity, BrowserID uses a unique identifier attached to your web browser.
NathanBLawrence 2 months ago