badida | 13 years ago
Let's see if I can help.
Your identity is tied to your ability to prove that you own an email address. You can do that by clicking a confirmation link we send you. Or, as of Beta2 (today!), you can do that by having your domain implement the Persona Identity Provider API, where your domain publishes a public key and issues certificates to you based on that public key, which you can then use to sign into web sites. Also as of today, we do that for Yahoo users by bridging to Yahoo OpenID, so basically Persona is an OpenID client to Yahoo, gets Yahoo to vouch for your email, and based on that issues you a Persona certificate (backed by our public key) for your email address.
But whatever way you go, it's about proving you own an email address and obtaining a certificate for it.
Yes, someone who has access to your browser can fake your identity if you don't lock your browser/OS, but that's nothing new. In fact, the simple password change is how we mitigate that. As soon as you change your password, we invalidate all sessions on all devices. Certificates last only a few hours, so they'll be disabled quickly too.
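Added example, not part of the comment above and not Persona's code or wire format: a simplified model of how a web site could check a short-lived email certificate, covering both the domain-issued case and the bridged case where a central issuer vouches for another domain's address. The field names, the domains, the `fallbackIssuer` parameter and the 6-hour lifetime are assumptions made for illustration.

```javascript
// Added illustration, not Persona's code or wire format. Field names (iss, email,
// userKey, exp), domains and the 6-hour lifetime are constructed for this example.
const crypto = require('crypto');
const HOUR_MS = 60 * 60 * 1000;

// The issuer signs a binding of email -> user public key, with a short expiry.
function issueCertificate(issuer, issuerPrivateKey, email, userKeyPem, nowMs, lifetimeMs) {
  const payload = JSON.stringify({ iss: issuer, email, userKey: userKeyPem, exp: nowMs + lifetimeMs });
  const sig = crypto.sign(null, Buffer.from(payload), issuerPrivateKey).toString('base64');
  return { payload, sig };
}

// A web site verifies the certificate against the issuer's published public key.
// fallbackIssuer models the bridged case: a central issuer vouching for another domain's email.
function verifyCertificate(cert, publishedKeys, fallbackIssuer, nowMs) {
  let claims;
  try { claims = JSON.parse(cert.payload); } catch { return { ok: false, reason: 'malformed' }; }
  if (!claims || typeof claims.email !== 'string') return { ok: false, reason: 'malformed' };
  const key = publishedKeys.get(claims.iss);
  if (!key) return { ok: false, reason: 'unknown issuer' };
  if (!crypto.verify(null, Buffer.from(cert.payload), key, Buffer.from(cert.sig, 'base64')))
    return { ok: false, reason: 'bad signature' };
  // A domain may vouch only for its own addresses; only the fallback may vouch for others.
  const domain = claims.email.slice(claims.email.lastIndexOf('@') + 1);
  if (claims.iss !== domain && claims.iss !== fallbackIssuer)
    return { ok: false, reason: 'issuer may not vouch for this domain' };
  if (typeof claims.exp !== 'number' || nowMs >= claims.exp) return { ok: false, reason: 'expired' };
  return { ok: true, email: claims.email };
}

function demo() {
  const idp = crypto.generateKeyPairSync('ed25519');      // example.org's key pair
  const fallback = crypto.generateKeyPairSync('ed25519'); // central fallback issuer
  const user = crypto.generateKeyPairSync('ed25519');     // key pair held by the user's browser
  const userPem = user.publicKey.export({ type: 'spki', format: 'pem' });
  const keys = new Map([['example.org', idp.publicKey], ['fallback.example', fallback.publicKey]]);
  const t0 = Date.UTC(2020, 0, 1, 12);                    // constructed issue time
  const own = issueCertificate('example.org', idp.privateKey, 'alice@example.org', userPem, t0, 6 * HOUR_MS);
  const bridged = issueCertificate('fallback.example', fallback.privateKey, 'bob@mail.example', userPem, t0, 6 * HOUR_MS);
  const overreach = issueCertificate('example.org', idp.privateKey, 'bob@mail.example', userPem, t0, 6 * HOUR_MS);
  const tampered = { payload: own.payload.replace('alice', 'mallory'), sig: own.sig };
  const check = (c, t) => verifyCertificate(c, keys, 'fallback.example', t);
  return {
    fresh: check(own, t0 + HOUR_MS), bridged: check(bridged, t0 + HOUR_MS),
    expired: check(own, t0 + 7 * HOUR_MS), overreach: check(overreach, t0 + HOUR_MS),
    tampered: check(tampered, t0 + HOUR_MS),
  };
}
```

The expiry check is what bounds the exposure from a copied certificate: the same certificate that verifies one hour after issue is rejected at seven hours without any revocation step.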