Ask HN: Should you implement your own authentication system?

[darumderum]

How would you proceed to add a login to your website? Setup a database with bcrypted credentials? Use a service / oss? What are common pitfalls? What's your thought on Auth0, Azure AD B2C, Keycloak, ORY (especially Kratos) and others? Would you still recommand using a full-blown solution if there are just basic customer logins required (not even self registration)?

[new_guy]

Why would you not do it yourself? It's literally webdev 101.

If you offload it to a 3rd party you're giving them access to your entire customer base (regardless of what they say), you're also introducing multiple points of failure and increasing your attack surface.