JSFoo 2013

All about being creative with JavaScript

Francois Marier


Killing passwords with JavaScript

Submitted Jul 22, 2013

Attendees will understand why asking users for passwords is a bad idea and they will learn the basics of the BrowserID protocol so that they can take advantage of Persona on their own sites or webapps.


The year is 2013. Sites are getting owned left and right. Password databases are leaked for the lulz. You look at the hashed passwords in your database and hope your site’s not gonna be next.

As with most other problems on the web, the answer, it turns out, is JavaScript. As a wise man once said: “When in doubt, always bet on JavaScript.”

Mozilla is working on a new cross-browser login system for the web that’s built entirely in JavaScript. Powered by node.js on the backend, it pushes most of the crypto to the browser in order to create a secure and privacy-respecting experience.

All you need to get started is an email address and a handful of JavaScript. No passwords to hash, no confirmation emails to send, nothing to install. Welcome to the future.

Speaker bio

François is a software engineer on the Mozilla Identity team where he fights for the open Web by building alternatives to centralised proprietary silos.

A long time Debian developer, François has been involved in Open Source for over 10 years and regularly contributes to several projects. He also volunteers for the Free Software Foundation and leads the development of Libravatar.org.


{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript. Follow JSFoo on Twitter more