I've been using Persona as my sole login mechanism on http://letscodejavascript.com for over a year. I want to love it, but I don't.
The goals behind Persona are excellent: strong privacy protection and relieving website operators of cumbersome and error-prone authentication management. I love the idea. It's why I implemented Persona on my site.
The execution of Persona has been a bit wobbly. Logins are critical infrastructure and it doesn't feel like Mozilla is approaching Persona from that perspective. The team has been fantastic (thanks, callahad) but when things go wrong, it can take a long time for them to get resolved. Meanwhile, I'm left scrambling for a workaround.
An example: when the Yahoo bridge was implemented, it broke Persona for everyone who used a Yahoo alias [1]. A nasty break that returned a non-helpful error message. Something that serious merits an immediate rollback, in my opinion--but instead, it was left in place for several weeks until a interim solution was rolled out. The interim solution has some fairly serious UX problems, but the full solution has been open for 10 months now [2].
I want to love Persona, and I can't really afford the time required to do my own authentication, but it scares me that I'm so dependent on it.
Perfect solution? It works like it was custom-built for my site, is as easy and predictable to implement as Persona's `get()` API, and of course has excellent security, privacy, and operations.
I would have been willing to pay for such a thing had it existed when I started. It would have needed to be proven, though, because I worry about longevity. The exact price isn't so important, within reason; say, less than $100/mo. At the higher end of that range, I'd expect it to have some serious word-of-mouth gushing.
The goals behind Persona are excellent: strong privacy protection and relieving website operators of cumbersome and error-prone authentication management. I love the idea. It's why I implemented Persona on my site.
The execution of Persona has been a bit wobbly. Logins are critical infrastructure and it doesn't feel like Mozilla is approaching Persona from that perspective. The team has been fantastic (thanks, callahad) but when things go wrong, it can take a long time for them to get resolved. Meanwhile, I'm left scrambling for a workaround.
An example: when the Yahoo bridge was implemented, it broke Persona for everyone who used a Yahoo alias [1]. A nasty break that returned a non-helpful error message. Something that serious merits an immediate rollback, in my opinion--but instead, it was left in place for several weeks until a interim solution was rolled out. The interim solution has some fairly serious UX problems, but the full solution has been open for 10 months now [2].
I want to love Persona, and I can't really afford the time required to do my own authentication, but it scares me that I'm so dependent on it.
[1] https://github.com/mozilla/persona-yahoo-bridge/issues/178
[2] https://github.com/mozilla/persona-yahoo-bridge/issues/201