Hacker News
by bernierocks 2376 days ago
"google auth, facebook auth, github auth"

So you now have a handful of failure points. I also am against the idea of building my entire user base off of someone else's platform. It's just asking for trouble down the road.

"I find punching in a username + password extremely inconvenient, and this is why I never create new accounts from scratch."

Security is really never convenient. You need to have a good balance between the two. A password manager is pretty convenient; even my non-tech-savvy parents can use one.

"So what I am hearing from you is "user authentication" is your greatest security challenge?"

No. I was making a comment about the recent Ring hacks and how if you are a startup and the exact situation happens, there isn't much you can do beyond telling users to use different passwords or forcing a password change.

Even if you have the most secure encryption in place and all the best security procedures, if your users pick terrible passwords (or another site gets hacked and they use the same password), they will get their accounts hacked.