Password Managers are not Enough

We’re expected to create and remember unique passwords for every website. To do so with memory alone is unthinkable, but tools — notebooks, spreadsheets, and password managers — are rarely used and offer imperfect reprieve.

Because passwords rarely change, a single compromise can grant months or years of fraudulent access to an account. Such breaches are distressingly common: LinkedIn, Yahoo, Blizzard, eHarmony,, Formspring, Billabong, and NVIDIA all suffered exposures in 2012.

The collateral damage is much greater: users are at risk everywhere those passwords were re-used.

Would better tools — better password managers — help? No. Password managers can only mitigate collateral damage. They can’t improve site security, nor can they affect the longevity of passwords. Thus, the passwords themselves are the problem, and they should be managed only insofar as they cannot be eliminated altogether.

To abolish passwords, web developers must support alternative login mechanisms. Facebook Connect, Sign in with Twitter, and OpenID are the most prominent replacements for traditional login systems, but they’re far from ideal. Each requires compromising user experience, prospective audience, visitor privacy, or data ownership.

Mozilla Persona is an attempt to find a better balance. It gets rid of per-site passwords, works on all major browsers, and can be used by anyone with an email address. There’s no lock in, and it’s dead simple to implement. If you’re a user, please ask your favorite sites to support Persona. If you’re a developer, please consider adding support today.

Should you have questions or need help integrating Persona into your site, please do not hesitate to contact me.