A vulnerability found recently in an OpenID-based feature of the Mozilla Persona online identity management service prompted the company to advise Web developers to check their OpenID implementations for similar issues. Mozilla Persona allows users to verify their ownership of one or more email addresses and then use those addresses to authenticate on websites. Users have to remember only their Persona account password, because once they're logged into the service, authenticating on Persona-enabled websites only takes two mouse clicks.