April 20, 2016
Identity management in the post-Persona world
The impending demise of Mozilla's identity management system, Persona, doesn't thange the fact that a sound blend of password management and unified authentication is the future of identity management says V Balasubramanian.
V Balasubramanian, product manager, ManageEngine
Mozilla's identity management system, Persona, was met with plenty of optimism when it was first launched five years ago. It not only provided a much-needed alternative to remembering a long list of passwords, but also provided what many felt was a more reliable and secure alternative to the outsourcing of unified identity management to large corporations such as Facebook, Twitter and Google. The future seemed bright for Persona.
However, come November, Persona will be a thing of the past. Due to “low, declining usage,” Mozilla will be closing the door on Persona.
Despite its imminent closure, Persona managed to advance the field of identity management. It introduced verified email protocol, which enables users to use one email address to log on to any website that supports the protocol — much like logging on to websites with a Facebook account, for example. That means end-users do not have to create site-specific passwords. Instead, they can log on to multiple websites using a single email address. End users enjoy the twin benefits of not having to remember multiple passwords and not passing along information about their browsing pattern to social media giants.
Persona's impending shutdown reiterates a few important facts and indicates the direction of the identity management market:
• Password-based authentication is still the dominant mode for providing access, and passwords are here to stay. Life with fewer passwords is still a distant dream.
• Unified authentication systems are clearly needed, but they cannot stand alone. In most cases, end-users will need to create site-specific passwords. At best, unified authentication systems could coexist with traditional, site-specific, password-based authentication.
• Data privacy concerns loom large and stand in the way of large-scale adoption of identity management through social media.
analysts and industry luminaries have long been predicting the disappearance of passwords. Unified authentication technologies, including Persona and password alternatives such as biometric authentication, iris authentication, facial authentication and even authentication through watches, jewelry and electronic tattoos, are all steps in this direction.
Interestingly, none of the alternative approaches have been viable so far, for various reasons. Passwords are easy to create and are absolutely free. The alternatives, on the other hand, are typically expensive, difficult to integrate with existing environments, difficult to use and require additional hardware components.
So, where is identity management heading?
The future of identity management will most likely be a combination of password management and unified authentication. However, password-based authentication will continue to be the most prominent mode, and users will have to create and manage passwords. Wherever possible, unified authentication systems will be leveraged.
Federated identity management solutions, which help subscribers use the same identity to access multiple Web applications, will complement password management. Privileged account management solutions that support federated identity management, along with traditional password management, will prove quite beneficial.
Persona will soon be gone. The news has rekindled debates on the death of passwords, the emergence of alternatives, and the future direction of identity and access management. Plans to launch projects similar to Persona are also being discussed in various forums. But the future direction of identity management appears certain: a sound blend of password management and unified authentication. The two will complement each other — one cannot outweigh the other or stand alone.
Contributed by V. Balasubramanian, product manager, ManageEngine