by peacemakr_io 2376 days ago
I find punching in a username + password extremely inconvenient, and this is why I never create new accounts from scratch.

OpenID Connect is integrated across several platforms, and allows us to centralize authN and authZ behind a single secure trusted Identity Provider, such as google auth, facebook auth, github auth - whatever makes the most sense for your audience. It's the same idea as a password manager, a single trusted login, but better, because there's no password-management nonsense.

I'd argue it's not the failure of the user, but the failure of the tech community.

So what I am hearing from you is "user authentication" is your greatest security challenge?

1 comments

"google auth, facebook auth, github auth"

So you now have a handful of failure points. I also am against the idea of building my entire user base off of someone else's platform. It's just asking for trouble down the road.

"I find punching in a username + password extremely inconvenient, and this is why I never create new accounts from scratch."

Security is really never convenient. You need to have a good balance between the two. A password manager is pretty convenient, even my non-tech savvy parents can use one.

"So what I am hearing from you is "user authentication" is your greatest security challenge?"

No. I was making a comment about the recent Ring hacks and how if you are a startup and the exact situation happens, there isn't much you can do beyond telling users to use different passwords or forcing a password change.

Even if you have the most secure encryption in place and all the best security procedures, if your users pick terrible passwords (or another site gets hacked and they use the same password), they will get their accounts hacked.