by marcioaguiar 4828 days ago
He was just making a point that authentication protocol is a domain choice (from 2-digit passwords to retinal scan).

It's up to the users to trust the domain he is going to use as identity. Just like many people trust Facebook Connect.

But Facebook at least has standards (or is believed to, I have no knowledge).

Why should, for example, google, ever trust, say, fred's discount web hosting, enough to let them login to gmail?

Not in the sense of "these guys could compromise gmail" (which is a worry in certain elevated privileges contexts), but more in the sense that "people are still going to say 'my gmail got hacked'" if their gmail gets hacked because they made bad choices. They do now!

Google will still get blamed, and their only real option is to decide not to accept certain identity providers (i.e. blacklist or whitelist). Long term, how are we not going to end up with just a mishmash of who accepts what?

I've read a bunch of docs on Persona, and it doesn't seem to address this past stating how wonderful user choice is, and how making this more distributed will make the web more secure (which seems, well, wrong).

I think the criticism that we haven't made a strong enough point of why this makes the Web more secure is legitimate. We haven't made this point as well as I'd like.

I'll take that as inspiration for a future blog post. Thanks for pushing us, please continue to do so. We listen.

For most people, they already use an email account to authenticate. Pretty much every single login I have, someone with access to my primary email account could co-opt with the snap of their fingers.

If your email provider is vulnerable, you're already fucked, except for those accounts which use two-factor auth. And Persona isn't intended for your bank/etc.

But your argument is essentially "we're just as fucked as we are now". Okay, so then, uh, what problem have we solved?

Now we are fucked, after we're just as fucked but not using Facebook as the identity provider?

I guess I don't see this as much of an improvement? Honestly, I'm not trying to be snarky. I'm just trying to understand why this seems to be presented as leaps and bounds above what we have now when it seems to be just as bad, just more distributed :)

No, if you choose a shitty email provider you're fucked. But currently, you're also fucked on a site by site basis if whoever you have an account with stores your password in plaintext/etc.

It's an improvement on having dozens of accounts on dozens of sites, both from a security standpoint and a UX one.

It means users don't have to create and remember a new password for every site they register to, which has security problems.

> Why should, for example, google, ever trust, say, fred's discount web hosting, enough to let them login to gmail?

They're not. They're letting users who use Fred's discount web hosting as their authenticator to log in. Fred's discount web hosting won't even know when their users try to log in to gmail.

Letting someone authenticate that way is no different than allowing passwords that many users reuse all over the net, including on dodgy sites that might very well take that gmail address and password they were handed and see if they can log in to the gmail account with it (want to bet on how many users use the same password on their e-mail and other sites they sign up to _using_ that e-mail?), or writing it down all over the place.

> Long term, how are we not going to end up with just a mishmash of who accepts what?

If we do, we're no worse off than we are today.