Why not have both? If the browser is capable (theoretically) of handling logins from an http header this would be awesome in my opinion. Personally I would much rather have the browser be responsible for logins after seeing more and more forms use funky JavaScript which breaks standard functionality. Persona could just be built-in or a plugin, you could just say 'log in with Persona'. You could have account profiles, with varying levels of privacy, you could maybe allow the end-user to decide if 2-factor auth can be used where previously not available, there are a lot of possibilites to me and it would standardise the process. Of course, this may just be pie in the sky but overall I agree with the author on this.