Persona is the only way to login

A couple of weeks ago, Debuggex gave you the ability to create an account and save regular ex­pres­sions to the account.

Au­then­ti­ca­tion for your account is provided ex­clu­sive­ly through Mozilla Persona, and I'd like to explain why that decision was made.

  1. Debuggex is still a one-man team. Resources are very con­strained, and time has to be properly managed. I want to focus on building a kick-ass platform for your regular ex­pres­sions. Mozilla is building a kick-ass identity provider/protocol, and using Persona costs me sub­stan­tial­ly less effort than rolling out my own.

  2. I don't want to manage your password. Countless mistakes have been made with storing and managing passwords. While I probably wouldn't make any extremely terrible mistakes, the risk that I would is enough to keep me up at night. The team at Mozilla is much better suited to handle this.

    There is an important corollary. Several (awesome) features are in de­vel­op­ment that inherently require au­then­ti­ca­tion, so the barrier to creating an account needs to be as small as possible. Since I am not managing your password, you can trust that creating an account on Debuggex is very low-risk. You need to trust only your identity provider.

  3. Persona gives huge im­prove­ments in user privacy versus other identity providers. When you login with Facebook, Google, or even OpenID, you are providing in­for­ma­tion about when and what websites you're logging into. This in­for­ma­tion can be used to track what you do on the web.

    With Persona, the identity provider gives your browser a cer­tifi­cate that proves ownership of your email. Your browser then allows you to login to a website without talking to the identity provider. You can read a better de­scrip­tion or get into the nitty-gritty

Using Persona ex­clu­sive­ly is a very strong vote of confidence. It is currently the best way to do au­then­ti­ca­tion. Despite Debuggex being small, a public vote of confidence encourages the Persona team to continue building awesome stuff. It also encourages other websites to use Persona, and that makes au­then­ti­ca­tion better for everybody.

In addition, ex­clu­siv­i­ty means I am very sensitive to bugs or other problems. I can point the team to the things that have the highest impact for Debuggex users, so that Persona gets even better. In fact, one of the Persona developers has already made a personal commitment to support Debuggex' needs.

If you have any feedback on the login flow for Debuggex, or any thoughts on this article, please don't hesitate to email me.

(Ab)using crowdfunding to validate your market » « How my crowdfunding turned into singlefunding