
tl;dr Uses an e-mail address to make public key crypto easier. Sounds nice.

Unfortunately, most people fuck up PKI and now we're relying on a third party (Mozilla) to authenticate all our logins.

You could also just implement client certificates without a third party. Issue your users a cert when they register or log in. This would be similarly "automatic" authentication without relying on Persona to be stable and secure 24/7. I wonder why they didn't just make a browser plug-in that simplifies using client certificates (without the expense of supporting a highly reliable 3rd-party site and extra code to make it work).



I wonder why they didn't just make a browser plug-in that simplifies using client certificates (without the expense of supporting a highly reliable 3rd-party site and extra code to make it work).

So the goal is basically: I have a computer at work, a computer at home, a computer in my pocket, and a computer I just borrowed to check something at a friend's house. I want to be able to go to the same random site on all four devices and have it recognize that I am the same person, without (1) remembering a special password for that site, or (2) trusting that site in any way.

So there are two ways to do that. One involves generating a certificate on one of my devices and somehow communicating it to the others without a central authority. The other involves a central authority that each device can communicate with.

The first way will be, let's say, extremely challenging to get working reliably across all devices and platforms in a way that average users can handle. So Mozilla went with an extremely flexible version of the second way. It goes like this: users remember a Username and URL, in the form Username@URL. They also remember a Password which is only shared with URL. When I want to identify myself to that random website on any of my four devices, Mozilla helps me get a verifiable statement from URL to send to the random website that I am Username@URL.

There are two things mixed in to make it more likely this will take off. First, users are already used to remembering Username@Url / Password credentials, so they don't have to learn anything new to identify this way. And second, because existing Username@Url identities are email addresses, Mozilla can offer an intermediate identification service based on the ability to receive email, until other identity servers come online.

TL;DR: By using an intermediate ID server and credentials that look like email addresses, Mozilla has created a path to cross-device, cross-platform user ID that solves the problems of user adoption, technical adoption, and independence -- it can be implemented in existing browsers, understood by existing users, and offers a clean transition to completely decentralized identification. Very cool.


This makes it easier for people to use one login for all the websites they use. That also makes them inherently less secure.

Multiple accounts are a good idea because they create separate security domains which cannot be broken. You crack my Facebook password, there's no way you can get into my completely separate Citibank account. The one-login-for-all model is less secure because it centralizes your accounts into one general security domain: the ID provider.

If you hadn't made it a requirement that you can use the computer at your friend's house, this would be more secure, because you could keep your private keys just on your trusted devices. But now you're on a foreign device and you didn't bring your keys - so you have to either get them from your ID provider, or generate new ones.

Now an attacker can either A. break into the ID provider and steal the keys for all the sites you use, or B. intercept the username/password login to your ID provider.

The risk of A. is of course possible, plausible, and given the track record of companies with the highest security reputations in the land being pwnd by lame phishing expeditions, likely to actually work (eventually).

If you were using your home computer with the keys already stored in the browser, B. would be impossible, but you're at a friend's house with no keys. And my guess is there will be malware developed just to disable browser keys, force a u/p login, collect the creds, and try all online banks using this system to find your account and siphon funds. (This is exactly what malware does today, only they usually use direct injection of your normal banking browser sessions or steal saved logins)

Of course you can use separate accounts with Persona. They advertise you using a work e-mail and personal e-mail to make separate accounts. But let's be realistic: who the hell wants to complicate their logins further? People will probably use one e-mail for all their accounts - because it's easy.

I have a solution for these security concerns. It's to stop trying to make security easy. If you forced people instead to jump through hoops for the one or two accounts which really need to be extra secure, they'll deal with it (once) and get on with their lives.

Banking is one example. You can step a user through generating and storing a client certificate, and then they never have to do it again until they use a new computer. If they need access from outside their home (WHICH IS A BAD IDEA, BUT ANYWAY), they can use a temporary e-mailed login token which is only good for one session and requires things like login rate limits, additional identity verification, etc. We can do this today without any new technology.

Facebook, Twitter, etc. aren't sensitive accounts and thus don't need ridiculous security - Persona would be fine for these. Crack my social media accounts, fine, but don't allow things like banks and e-mail accounts to be linked as well. It's like clipping blank checks to your house or office keys.


Persona is seriously decentralized. If your email provider has native support, and your browser has native support, then you're completely free from any dependence on Mozilla-hosted services, automatically. Assertions can be validated completely locally, without ever involving Mozilla in the transaction.

If you don't want to trust Mozilla, you don't have to.
