by yjyft846jh 4840 days ago
I don't understand how this is an advantage over just using email address as username with a password, like many sites do already. Can someone please explain the benefit?

[Edit: message to user Anonymous09, who replied to me below - you appear to have been hellbanned for the past three weeks. Thought you ought to know.]

2 comments

Every time you create an account at a new site, you're opening up a way to get hacked. Because, like most humans, you probably reuse passwords, or at least have password similarities. And many web sites tend not to have the resources to properly secure their user database.

So, creating accounts on every new site you visit is both inconvenient and slowly degrades your security.

You could switch to centralized identity silos, logging in with Facebook or Google everywhere you go. Now you've got the problem that these big companies are tracking your every move, enforcing "real-name" policies forcing you to unify all of your web activity into one account, etc.

Persona is the best of both worlds: convenience and reduced security exposure, plus your choice of identity wherever you go with much better privacy.

Very clear explanation, thanks!

If I knew your email, I could make an account on a website in your name without you knowing.

I don't see how that would cause a problem. If the website ever sent an email to me, I would know about it and just be able to do password recovery and delete the account. If the website never sends an email, it's of no inconvenience to me.

In that case is this not just functionally equivalent to sending a validation email upon account creation, as many sites do already?

Why?

If you know his email, then the website's confirmation link will still go to his inbox.

If you know his email and password, then Persona wouldn't help anyway.