I don't trust any "organization" to store and manage my passwords. A single subpoena to mozilla for a divorce proceeding or whatever could unleash cascading consequences upon you.

It's not really a "password manager", it uses signed assertions instead of plaintext passwords. It is similar to client certificates, but with a much better UI.

Plus, your keys are stored in the browser, according to callahad, so Mozilla doesn't have to know where you signed up: http://news.ycombinator.com/item?id=4232774

Also, in the future you probably won't even need to contact Mozilla anywhere in the process: your browser will store your certificates for you, natively.

The system is designed to allow your email provider or another Identity Provider that you trust, to store your password instead of Mozilla.

Your identity provider just has to implement the BrowserID protocol https://developer.mozilla.org/en-US/docs/Persona/Identity_Pr...

So what happens if my email account gets hacked? Won't this compromise all my accounts then?

This problem exists today. I can do "forgot my password" on many sites and owning your email account can change the passwords and log in to them.

Persona doesn't attempt to solve this existing problem.

Thank goodness Persona isn't a password manager then.

Why? Genuine question, do you think their security will be better?

The low level protocol - BrowserID - is a federated system, so the "they" in your question can be someone you trust (and Mozilla isn't hardcoded)

You can use any browser and if it has native support, it will do the client side crypto. It will store your public/private keys in the client.

You can use any Identity provider (email provider probably) and if they have native support, they will store you password and do 2 factor auth or whatever.

This removes websites (relaying parties) from the password storage business. All they get is an email address and a way to cryptographically check to see that you owned it.

The crypto that powers the BrowserID protocol is an open standard, so you can vet it. It's been designed by crypto experts in an open forum.

One more correction. The identity/e-mail provider does not store your password, it merely signs your key for which it can use whatever authentication it wishes. Most probably the same user-id/password combo you use to read your mail, but the BrowserID does not dictate that, it is up to the provider to decide.

After that the identity provider just gets requests from services that do not know its public key yet, but typically it is asked only once per service as the key is stored in a local cache. And even when the key is asked, the provider cannot know for which email verification address it is needed.

All in all I think this is a great system. It puts a lot of trust in the e-mail provider, but I think that's all right as the provider already has full control of your personal e-mail anyway and hence is trusted by default.

Ideologically? Yes. Technically? Not so much.