Hacker News
by fizbin 3583 days ago
We can certainly do without passwords for every stupid little website. Unless you're rightfully a central force in the user's life - say, their main bank - you really should have users log in through Google, or Facebook, or Twitter, or someone else who almost certainly can guard their passwords better than you can.

It's shameful that it's so much easier to find tutorials on how to store passwords "securely" (including several tutorials that tell you crazy insecure things, like storing with unsalted commodity hashes) than it is to find tutorials on how to integrate your brand new battling-fairies website game with OAuth for authentication.