by yc1010 3816 days ago
I was using it for years on our sites. IT IS very easy to implement for a developer, especially easier than dealing with OAuth oddities from Google, Facebook, Microsoft etc.

Yes, one can program one's own username/password etc. login, but it is actually a lot of work making a proper one with all the edge cases (password strength, email validation, verification, account recovery) and so on and so on. I know because I have done it dozens of times and each time the project has slightly different requirements.

Mozilla Persona was dead easy to implement, on the other hand! Also, a lot of people did not like and complained about having to log in with Google, Facebook etc., yet the same people had no issues trusting Mozilla due to the goodwill they built up with Firefox and their fight for privacy.


It really doesn't look all that easy. https://developer.mozilla.org/en-US/Persona/Quick_Setup

Especially compared with usernames and passwords, which are basically built in to anything already.

Persona is the easiest one I've worked with, including usernames and passwords, because getting that correctly working with the best practices of 2015, even with built-in support in most frameworks, is and will always be a PITA, and heavily dependent on fragile DB schemas specific to a given framework's whims.

I think the idea that usernames and passwords are "easy" is something of a sunk cost fallacy, both for developers and users, and we tend to forget how much time and effort we "waste" on this year over year. My password manager is up to hundreds of different passwords I use, and I know a lot of users these days whose "password" starts with the now ubiquitous "Forgot Password" button (which is its own headache to set up and get right), as they are okay relying on the relative security of their email address over the fragility of their own memory.

Compared to OAuth it's a cakewalk.
Even when using a framework that has username/password authentication already, you have to worry about whether your confirmation emails are getting sent properly and are not blocked. So, no, it's not simple.