Firefox accounts and Persona
lloyd at mozilla.com
Thu Oct 10 02:50:22 PDT 2013
On Oct 10, 2013, at 2:03 AM, Chris Karlof <ckarlof at mozilla.com> wrote:
> On Oct 9, 2013, at 3:49 PM, Rubén Martín <nukeador at mozilla-hispano.org> wrote:
>> El 09/10/13 23:36, Chris Karlof escribió:
>>> There are several motivations for this, but one is that we are designing services that store encrypted user data by default. The default option is that the encryption key will be derived from the user's password. If a user doesn't have a password with us, managing the encryption key is trickier. We have something called "pairing" in current Firefox Sync, but it has several UI issues with its current implementation, and it's not clear how to fix them. Another option is for us to store the encryption key, which has privacy concerns.
>>> This is a tricky problem with lots of tradeoffs, and we're continuing to work towards a solution that's best for our users.
>> I get the tricky point of needing something to encrypt data, at the end a password/passphrase has to be provided to do the process.
>> Persona can still be used to verify the email provided and then ask for a passphrase to encrypt data, so work flow could be something like:
>> Click on Log in to Firefox Accounts.
>> Persona dialog → Verification → OK.
>> Enter the passprashe to encrypt your data.
> Your suggestion is reasonable and is something we've discussed.
> What is the second login experience? In particular, would you require the Persona dialog/Verification step? If so, why? You already set up a password to encrypt your data, so why not use use the password to authenticate as well? Requiring password + Persona every time is a worse experience, IMO, and adds little value for subsequent logins.
> You might argue that you could use Persona only (skip the password) to authenticate to FxA for when encryption isn't needed. This is a valid point. But we have a password for the user. So why not just use that? It's more consistent.
> In summary,
> Account creation: Verify email via Persona, choose password.
> Account login: Enter password.
I agree with this as a starting point, but as the value that Firefox Accounts grows far beyond just sync, we need to be architecturally prepared to allow login via email verification to fxa.
Luckily, how you authenticate, and how you derive keys - the most visible decisions we will make - seem to be the least complicated to change.
I suggest we keep a strongly validated email in the firefox accounts database, and we plan to support multiple authentication methods (which is a noop really, it's just a mindset).
>> Rubén Martín [Nukeador]
>> Mozilla Reps Mentor
>> Sync-dev mailing list
>> Sync-dev at mozilla.org
> Sync-dev mailing list
> Sync-dev at mozilla.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Sync-dev