Identity/Persona Shutdown Guidelines for Reliers
When the Mozilla Identity team transitioned the Persona login system to community ownership, we committed resources to operational and security support throughout 2014, and renewed that commitment for 2015. Due to low, declining usage, we are reallocating the project’s dedicated, ongoing resources and will shut down the persona.org services that we run.
Mozilla ended support for the persona.org service on November 30th, 2016, and it was shut down at the end of 2016.
This page exists to help website owners migrate their sites away from persona.org.
FAQs
A website I use requires Persona for login. What should I do?
You will need to contact the site owner and ask about their plans for migrating away from Persona.
Mozilla staff can find more information about the progress of migrating internal sites on this mana page.
Why is persona.org being shut down?
Our metrics show that usage of persona.org is low, and has not grown over the last two years.
Hosting a service at the level of security and availability required for an authentication system is no small undertaking, and Mozilla can no longer justify dedicating limited resources to this project. We will do everything we can to shut it down in a graceful and responsible manner.
What will happen in the meantime?
Up until November 30th, 2016, Mozilla will continue to support the Persona service at a maintenance level: Security issues will be resolved in a timely manner and the services will be kept online, but we do not expect to develop or deploy any new features. Support will continue to be available on the dev-identity mailing list and in the #services-dev IRC channel.
All websites that rely on Persona will need to migrate to another means of authentication during this time.
What happens after that?
On or after November 30th, 2016, the services hosted by Mozilla on persona.org will be taken offline. This includes the persona.org website, the JavaScript shim, the fallback IdP and identity bridges, and the hosted verifier.
Mozilla will retain control of the persona.org domain and will not transfer it to a third party. This is a security measure to protect websites that have not completed their migration away from the service.
All user data stored on the persona.org services will be destroyed, including registered email addresses and password hashes. Since the privacy of user data is of utmost importance to Mozilla, we will not transfer it to any third parties.
What about the code?
All of Persona's code -- core, bridges, shims, and more -- is open source and remains available on GitHub. Though this marks the end of Mozilla's direct involvement in Persona, we encourage others to continue learning from and building upon our work.
Migration Suggestions and Guidelines
The following alternative login options are available for sites migrating away from Persona. We will continue to update this page throughout the year.
We intentionally designed Persona to expose email addresses rather than opaque identifiers, which should ease the transition to other systems that provide verified email addresses.
Mozilla-hosted sites may find additional, staff-login-specific migration options on the internal mana page.
Delegated Authentication Providers
Many large email and service providers offer delegated login for third-party applications, including Google, Facebook and GitHub. Indeed, we have found that many sites currently using Persona also offer login via one or more of these services. While these services do not offer privacy guarantees equivalent to Persona's, they are a convenient and secure choice for users since they avoid the creation of a site-specific password.
We plan to offer delegated authentication with Firefox Accounts some time in 2016. If you’re interested in adding Firefox Accounts as a login option to your site, please reach out to us on the dev-fxacct mailing list.
Site-Specific Accounts
Many web frameworks offer password-based user account functionality out of the box. Although it requires users to create and remember yet another password, it can be a good choice for users who do not have (or do not wish to share) an account with a delegated authentication provider.
For existing users who previously authenticated with Persona, you could consider authenticating them through Persona again to confirm their email address, then prompting them to create a site-specific password.
Passwordless Email Login
As an alternative to setting a site-specific password, you can allow users to log in directly via an email link, as described in this article and implemented by libraries like passwordless. This avoids the security implications of users having to create and manage another password, and may be a good fallback option when used in combination with delegated authentication providers.
Self-hosting Persona
Since the code for Persona is open-source, it would be possible for reliers to self-host an instance of the service that is dedicated to their own use.
This approach is not recommended for most reliers. Persona has a large and complex codebase that has not seen significant development in several years, and Mozilla will not provide security or maintenance updates after November 30th, 2016.
More?
We encourage affected reliers to document any alternative solutions here and to discuss them on the dev-identity mailing list, so that others can benefit from their experience.
- The Portier open source project attempts to replicate much of Persona's user experience, while being easy to self-host, even on the free tier of PaaS providers like Heroku. Similar to Persona, Portier supports identity-bridging to Gmail. It falls back to passwordless-style login links for everyone else.