Hacker News

Wow. Not only is every single reply to StavrosK completely wrong about how BrowserID works, they're actually doubly wrong. Not only is it NOT centralized, it also can be used with:

- 2 factor auth

- asymmetric encryption (aka, a challenge/response à la PGP)

- whatever security mechanism you want, frankly. It's up to the BrowserID provider.



My rationale is that it's much easier to secure one provider (the attack surface is much smaller), and you can also run one yourself, making you responsible for all your authentication needs.

OpenID was great in that you could choose any provider you wanted, and nobody could attack them all (not that they'd have to). It just seems like a good solution to use someone whose only job is to provide secure authentication.



