If you look around the news you will always hear about some big name that has been hacked and had their password database compromised. In recent news, this has happened to many people like these guys and them, but if you keep looking you’ll find tons more. The topic of security and how you are storing passwords always comes up, but this is not the point of this posting. I wanted to take this time to point out a Mozilla-based project which helps in this area. BrowserID is “A better way to sign in” that makes use of Mozilla’s service for storing the user’s passwords and lets your application validate the user and log them in.
There are other services like this out there that achieve the same thing, but I feel that BrowserID is easy to set up and the overall flow seems very nice to me. In the end, as a developer I don’t want to be dealing with boring user registration code and password validation when I can be writing my application and having fun working on new features. Also, not having that feeling at night right before falling asleep, thinking about whether your users’ passwords are safe or not, is always nice too! ;)
I coded up a small example about how to use BrowserID with Sinatra. All code can be found on GitHub.
This is the haml index file,
This is Sinatra application code.
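As an added example, not the code from this post's GitHub repository: the server-side check a Sinatra route would apply to the verifier's JSON reply before logging the user in. It assumes the reply fields of the hosted BrowserID verifier (`status`, `email`, `audience`, `expires` in milliseconds); `EXPECTED_AUDIENCE`, `email_from_verifier_reply`, `sample_reply` and the sample values are hypothetical.

```ruby
require 'json'

# Assumption: this site's own origin, fixed in configuration. Never build it
# from the request's Host header, or an assertion issued for a different
# site could be accepted here.
EXPECTED_AUDIENCE = 'https://app.example.test'.freeze

# Returns the verified e-mail address, or nil when the reply must be rejected.
#   reply_body - raw JSON body received from the verifier
#   now_ms     - current time in milliseconds (injectable for tests)
def email_from_verifier_reply(reply_body, audience = EXPECTED_AUDIENCE,
                              now_ms = (Time.now.to_f * 1000).to_i)
  reply = JSON.parse(reply_body)
  return nil unless reply.is_a?(Hash)
  return nil unless reply['status'] == 'okay'       # verifier accepted it
  return nil unless reply['audience'] == audience   # issued for this site
  expires = reply['expires']
  return nil unless expires.is_a?(Integer) && expires > now_ms
  email = reply['email']
  return nil unless email.is_a?(String) && email.match?(/\A[^@\s]+@[^@\s]+\z/)
  email
rescue JSON::ParserError, TypeError
  nil                                               # malformed or missing body
end

# Constructed sample replies (not captured traffic).
SAMPLE_NOW_MS = 1_700_000_000_000
def sample_reply(overrides = {})
  JSON.generate({ 'status' => 'okay', 'email' => 'alice@example.test',
                  'audience' => EXPECTED_AUDIENCE,
                  'expires' => SAMPLE_NOW_MS + 60_000 }.merge(overrides))
end

# In a Sinatra route the result would gate the session, for example:
#   email = email_from_verifier_reply(verifier_response_body)
#   halt 401 unless email
#   session[:email] = email
if __FILE__ == $PROGRAM_NAME
  { 'valid' => sample_reply,
    'other audience' => sample_reply('audience' => 'https://other.example.test'),
    'expired' => sample_reply('expires' => SAMPLE_NOW_MS - 1),
    'failure' => sample_reply('status' => 'failure'),
    'garbage' => '<html>502</html>' }.each do |label, body|
    result = email_from_verifier_reply(body, EXPECTED_AUDIENCE, SAMPLE_NOW_MS)
    puts "#{label}: #{result.inspect}"
  end
end
```

Only the first sample yields an address; every other reply returns `nil`, so the route fails closed on anything the verifier did not explicitly approve for this origin.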
If you are wondering whether any sites are using BrowserID, you will find that Mozilla has switched over to using it (eating your own dog food) along with OpenPhoto. Also, the Drupal community was able to make a module for using BrowserID.
I have an open pull request for the BrowserID Cookbook Repo on GitHub, so I’m hoping the code will be added soon.
Here are some resource links,
Any feedback is welcome, feel free to comment or fork the code on GitHub!