Hacker News
by psandor 1807 days ago
The example he uses isn't the best though. Unless your product is about identity or has other special circumstances, you should absolutely not implement your own login system. It's a lot more complicated than what the article suggests: security, _proper_ hashing, forgot your password, change password, change email, password strength, MFA, privacy, compliance, social logins are just a few things/flows coming to my mind that are standards today. Implementing these instead of focusing on the relevant features of the application is very rarely the right decision.

Depending on what you're doing, user accounts seem like a rather fundamental thing to be transferring control of to some third party that could, I don't know, decide they only like green while you're orange.
Both options have risks; in 90% of the cases, the risk you pointed out is smaller than the risk from the lost opportunity cost (working on something not relevant for the service), insecure implementation, sub-optimal UI, etc.