by OoTheNigerian 4821 days ago
Here is my feedback.

Perhaps the marketing of "persona" to consumers should take a backseat. When I signed in to http://123done.org/ the pop up* showing "sign in with persona" confused me for a moment. For a moment, I thought... "but I do not have a persona account".

If there is a way for users to just sign in with their email without telling them how it is done, I am sure there will be even less friction.

Of course, the persona architecture could still be marketed to developers for integration purposes. But for users, let it just be like magic.

PS: I did not see the Firebase implementation they spoke of. I am still told to make sure my password has 8 characters. https://www.firebase.com/signup/

*https://www.dropbox.com/s/4ay0qp434rqd0dm/persona.png

4 comments

The Persona branding is necessary because you aren't creating an account with the underlying website--you're creating an account with the persona.org fallback identity provider (that is, unless you're using a yahoo.com email or another Persona identity provider).

Think about it this way: suppose you create a persona.org account at site X, then visit site Y which also uses Persona for login. It would look like site Y recognized you, but how? Seems like an incoherent user experience.

Does this help at all?

Firebase offers a login service which includes Persona alongside Facebook, Github, Twitter as login options. They've got a demo here: http://firebase.github.io/firebase-simple-login/

You're losing 95% of users right there, including many techies. What's "Persona" vs "persona.org" vs "Persona identity provider" vs "persona.org fallback identity provider"?

I don't think any site using OpenID has a 95% bounce rate because of it. Persona is the name of the magic, you need a way to tell it from OAuth and other sign-in mechanisms.

So how about something like "Sign in to ABC with Persona", or "Sign in to ABC with Persona using your email" (more specific)?

It's the same as "Sign in with Google", "Connect with Facebook", "Sign in with Twitter". It's implied.

Well, I personally don't think they do imply the same thing from a user's perspective.

* Google, Facebook, Twitter, ... have become such well-known brands compared to the new Persona. Normal users could quickly get a sense of what "Sign in with Google/Facebook/Twitter/..." means, but not what "Sign in with Persona" means.

* Persona is not a social network while other mentioned brands are or provide a sense of social network. A user might perceive "signing in with <your-favourite-social-network-provider>" as an act of making the site a part of the network; while with Persona it's totally different.

I get where you are coming from but I strongly think you should test it.

So if, for instance, the user enters his email and is using a persona identity provider, e.g. Yahoo, it could just give a message "Sweet, why don't you login with Yahoo" or create an account.

If the user has a Persona account already, once the email is put, it could say "Perfect! You are logged in"

If the user is using persona for the first time and does not use an identity provider, it could just bring a persona form.

Of course, for each instance, you could have a tiny "powered by persona" somewhere. With a bit of thinking it can be refined.

I do not see any reason why a user will want to start thinking about what persona is. They will just use an alternative (Facebook). What persona should be aiming for should be to become "login with email" and not another 3-in-one brand called persona.

"sign in with persona" may be confusing now, but "sign in with your e-mail" is pretty clear: https://developer.mozilla.org/en-US/docs/persona/branding

It's not clear at all. It's not clear to me and I've been a web developer for 15 years!

- I go to this site that I've never been to before

- It asks me to sign in with my email address, but I've never been to the site before so assume it doesn't "know" my email address

- I then look for a "Create Account" button to set up my account

- Now I'm confused as there is not a button anywhere

- I think "Well, I can't just type my email address in because that has never, ever worked on the web"

And so confusion reigns. Without some sort of iconography explaining what email addresses are accepted a la OAuth most users are going to be completely stumped.

Hey, so any email address will work. If it's not a Persona identity provider, then you'll just get prompted to create an account with the persona.org fallback IdP. You can see this right now by trying to login using a gmail account vs a yahoo mail account.

Does this help?

I understand the premise now, but it took me a while to figure out how it worked. The problem is, what they really need to say is something like:

"You can put any email address in here. If Persona has seen you before you can just put in your password and you're set. If you put in an email address that we have an integration with (like Yahoo) then you're all set. If you put in an address that we don't know, we'll ask you to create an account and then you'll be signed in. We might well have seen you before, so maybe try your 'normal' email address but the chances are you won't know whether we know about you as this is all too new."

Because THAT is basically how it works (AFAICT) but obviously that's a lot of text and no one actually reads text on websites.

The problem is that no one knows WTF persona is. Like my Dad and my wife have no idea what it is. They are also REALLY nervous about just putting their email address and password for a separate account into a website they have never seen before, AND FOR GOOD REASON!

This is a total usability clusterfuck. You expect my Dad (who calls the entire internet "Google") to accept this and not get worried about it?

They need to put MASSIVE INTERNET BRAND LOGOS in that box. Like Facebook, Google, Yahoo, Apple. Brands like that. Brands that, you know, my Dad has actually heard of and might actually have an account with.

I can see they are going in that direction with the Yahoo announcement, and MASSIVE KUDOS to them for that, that's a big step. But right now the usability is fucked and will stay fucked until the Persona brand is as big as Apple's or Google's. So never.

There's a sleight-of-hand Amazon plays with their own sign-in box: they give you a single "email" box, and then two radio buttons -- "I'm new" and "I already have an account and here is my password" [with a password input below that option].

The clever thing is, the radio buttons are completely ignored -- if you have an account and the password matches, you get logged in; if you didn't put in a password, and the email isn't in their records, they bring you to the account creation flow. The radio buttons are just there to let users express a choice they expected to be able to make, and thereby keep them in flow.

A better Persona login box could just do the same thing, but without the password input box under the "I already have an account" option. In fact, since selecting an option is the last step of the flow, just have an email field with two buttons, "Sign Up" and "Log In". Both buttons do the same thing :)

So, maybe the short description should not be 'sign in with persona' or 'sign in with your email', but 'sign in with any email'.

It is not, actually.

A reasonable guess for "Sign in with your email" prompt is that you'd need to go through a typical account creation process using your email as a primary ID. In other words, the message looks like a synonym of "Create an account".

There's gotta be more thought put into how to make people aware of the Persona mechanism, because it is quite different from all existing sign-in options and it needs to be learned of explicitly.

But Persona is all about using your email as your primary ID.

Otherwise they'd just let you use a keypair directly, without the hassle of having third parties (email providers) leasing you an identity.

Believe me, _I_ know that. The question is how to word the Persona sign-in prompt so as not to confuse an Average Joe.

The popup has to explain WHY it is asking for an email address. Else, Average Joe is just going to assume you are a spam site asking for his email.

After you click a button labeled sign in, the popup reads "[Your site] uses Persona instead of usernames to sign you in. To sign in with Persona, please enter your email address."

I'm not sure I can do better than that text -- do you have any suggestions?

Sure. How about adding "This does not require registration in advance." (Or "previous registration" or "a previous account" or whatever is clearest). The problem is users searching for "Create Account" instead of "Sign In" when there is no "Create Account".

Edit: Sorry, on review this post was tangential to the point to which you were responding (about why the email is needed). It was targeted more at the point about user confusion by the login process.

Plus the usual "We will never sell your email info" etc. etc.

Also, the "Learn More" blue text disappears on a gray background. That part needs to pop.

Regarding Firebase, they said that they "added support for Persona as one of the authentication mechanisms for their Simple Login service". Their main website must not be using this service or has not enabled the particular authentication component?

That's correct, the Simple Login service allows apps that use Firebase to integrate Persona authentication: https://www.firebase.com/docs/security/simple-login-persona....

This means the data you store in Firebase can be associated with a Persona user, and you can structure your security rules to enforce whatever read/write behavior makes sense for your app.

Agreed, I was really surprised to go through the login.persona.org site; I thought it'd be "type in email, hit login, go to yahoo to say okay, done".

Perhaps this sort of flow is possible, but just requires more work?