The problem with passwords on the web and what to do about it

Accepted Session
Short Form
Scheduled: Thursday, June 20, 2013 from 2:30 – 3:15pm in B202/203


Handling user passwords safely is hard, but replacing passwords on the web in a reasonable way is even harder. Really, this should have been in the browser all along. This is where Persona comes in.


Users hate picking passwords and having to remember them. Developers hate dealing with them and storing them. Why are we still using passwords again? Surely there is a better way to log into websites.

This talk will take a detailed look at the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy.

We may not be able to get rid of all passwords (after all, you probably don’t want to be subjected to a fingerprint check before leaving a comment on someone’s blog), but we can eliminate site-specific passwords and replace them with something better: a decentralized system that’s under the control of its users, not a for-profit gatekeeper.

Attendees should come out of this talk with a high-level understanding of the client-side crypto behind the BrowserID standard as well as the four simple steps required to add support for Persona on their sites.

Speaking experience

I have spoken at various local and international conferences in the last 3 years. Slides and audio/video recordings of some of these talks can be found here:

I have given similar talks to this one at other events.