|
|
|
|
|
|
by callahad
5005 days ago
|
|
|
Persona does place a lot of power in the hands of email providers, but as Flimm points out, that's already the status quo. Persona doesn't make that any worse. What's more, Persona can be used with any email provider, so users can control who they trust, or take that trust into their own hands. Because that trust relationship is more explicit, users are (as your post demonstrates) more likely to consider the implications of trusting a specific email provider, which is a good thing. A world with better password reset policies is still a world with passwords, and leak after leak have shown that 1) it's hard to get every site to do the right thing, and 2) people use and re-use terrible passwords. Persona lets sites do the right thing by default (since there is no password to store), and it lets me as a user better control my own security. |
|
|