Designing for failure (lwn.net)
97 points by jsnell on Jan 29, 2017 | 7 comments


It's not apparent from the headline, but this is an examination of why Mozilla Persona failed.

Most of the points raised here (e.g. needing third-party buy-in, popup UI built into browser, endpoint fragmentation, problems with communicating the use-case to users) have been overcome and solved by U2F, a technically distinct effort (for two-factor authentication) but one that users might perceive as having some overlap. So perhaps the question to ask is, what sorts of factors helped U2F that didn't/couldn't help Persona?


Adopting Persona (or any "outsourced" login system) feels like giving up control of your users table to some third party. As with OAuth and OpenID before it, major websites want to be providers at most, no one wants to be a relying party.

Adopting U2F feels like getting a serious enterprisey security system (smart cards) in an open-source, hacker-ethos way. It doesn't feel like giving up control because no one in U2F's target audience (besides Amazon Web Services) was already managing their own smart card deployment.


> Adopting Persona (or any "outsourced" login system) feels like giving up control of your users table to some third party.

I personally agree with you, but everyone is tripping over themselves to give control to FB, G+, Disqus, etc.


That is not an entirely irrational decision for many web sites.

There is a liability that comes from maintaining accounts and passwords in particular. It can make sense to let the large players take on that risk.


I don't think it's entirely irrational either. It sure makes sense in some situations. I'm just not easy with giving something so vital to the health of a site to a 3rd party.


If you watch the talk, their main problems were designing Persona as a hosted service within Mozilla so that others could not replicate, and creating it as a product and not a platform so success was measured the wrong way for what their aims should have been. I was in the audience for this and it was a great talk, recommended watching.


There's a recording of this keynote at https://www.youtube.com/watch?v=3dDGkLHOldw

There's also a more in-the-weeds braindump of where Persona went wrong at https://github.com/portier/portier.github.io/blob/master/Oth...

The actions we've seen from the executive branch this past week should underscore the importance of building decentralized alternatives to systems that forcibly route users through American corporations.

Persona failed.

Build something better.



