What is it that you do when you log in to any website? No, not what you do on the site itself, but what logging in itself does. When you log in to any website, you share your identity with them. In the real world, your face or voice would be enough, but on the Internet, you need something else.
Email IDs: Your online identity
When it comes down to identity though, what is that one piece of information that really defines your identity? It isn’t your username and password; you could forget those, but you’d still have a way to recover them. You could provide the website with your user name, your birth date, answer your “secret” questions, but in the end, there is only one bit of information that clinches it. Yes, it’s your email ID! Even if you forget your password, this is where your new password or password recovery instructions finally get sent. If a dystopian future does lie ahead, people won’t go around wearing plain grey clothes, referred to by the number branded on their forehead, it’ll be email IDs instead.
How BrowserID works
Here is how a BrowserID-based login procedure might proceed.
You click on the log in button on a site. A BrowserID window pops up asking you to sign in, or pick one of your associated emails if you are already signed in.
You pick one – after signing in if required – and use that to log into the site. The site on the other hand, gets your email address from BrowserID, and is assured that this email is verified.
In the end, you need to remember fewer passwords; the site gets you as a user without having a complex authentication system of their own, everyone’s happy.
BrowserID: Users control how they log in
Of late, websites such as Facebook and Twitter have become the gatekeepers of your identity. It isn’t really fair to people who don’t want to reconnect with their long-lost friends – long-lost, lost for good reason – and the family members they usually avoid just to comment on a blog. Wouldn’t it be better to have a login system not built by people who aren’t in the business of curating personal data? Mozilla is working on a solution called BrowserID which won’t need you to provide your grandmother’s dental records to create an account, just an email address. That is all you are in the end anyway. The intention of BrowserID is to set up a user-centric login system, where the user controls how, when, and if they log in, what email to provide, etc.
User authentication for a secure login
If you are logged into Facebook, and you visit a new website that supported Facebook logins, that doesn’t mean you want to automatically be logged into that site, even if you have done that before. BrowserID ensures that this authentication process involves the user, so you decide, by clicking the sign-in button, whether you wish to sign in. When nearly all websites need a solution to log in, why is this essential feature not part of the browser itself? BrowserID will try to rectify that as well, by having an important part of the sign-in process conducted by the browser itself, so you know this process is authentic.
Logging in is easy with a BrowserID-enabled browser
Eventually, Mozilla intends this system to be distributed. Instead of Mozilla running the BrowserID verification service on their own servers to authenticate, each email provider could run it on their end. So once you log into Gmail, your BrowserID-enabled browser will already see that as proof of your identity and be in a position to relay that identity to any site you choose to log into. There is at least one essential service only available to those who use BrowserID. You know how you forget what your favorite beer is, exactly when you need to know it the most? The My Favorite Beer website lets you store that preference safely online.
The following video demonstrates this site, and pretty much all of BrowserID’s features:
BrowserID is used in few sites now, mostly for demonstration, within Mozilla’s own circle of websites; it is a technology still very much in development. Mozilla is quite committed to it though, and it is only a matter of time before it starts to see some wider adoption.
[Visit Browser ID]