JSFoo chevron_right 2013 Day 1

Killing Passwords with JavaScript

The year is 2013. Sites are getting owned left and right. Password databases are leaked for the lulz. You look at the hashed passwords in your database and hope your site's not gonna be next.

As with most other problems on the web, the answer, it turns out, is JavaScript. As a wise man once said: "When in doubt, always bet on JavaScript."

Mozilla is working on a new cross-browser login system for the web that's built entirely in JavaScript. Powered by node.js on the backend, it pushes most of the crypto to the browser in order to create a secure and privacy-respecting experience.

All you need to get started is an email address and a handful of JavaScript. No passwords to hash, no confirmation emails to send, nothing to install. Welcome to the future.

François is a software engineer on the Mozilla Identity team where he fights for the open Web by building alternatives to centralised proprietary silos.

A long time Debian developer, François has been involved in Open Source for over 10 years and regularly contributes to several projects. He also volunteers for the Free Software Foundation and leads the development of Libravatar.org.

More videos


RedRaphael - JavaScript graphics library on steroids!


JS/Web Dev Stuff (sponsored)