by keturn 5243 days ago
Unless your product is something that builds on Twitter's platform, I wouldn't recommend it. It means your users don't have a choice about how they're authenticated to your site, and

A) Failwhale, anyone?

B) Twitter doesn't provide serious options for protecting their users' login credentials. It's the same username/password combo which is easily phished & replayable.

Sadly, I've pretty much given up on the hope that we'll have a healthy ecosystem of OpenID providers, but at least Google's login system does offer some two-factor options.


From a dev's point of view I really feel that OpenID/OAuth is absolutely not worth the headache.

I'd rather just go the hacker news model. Choose a strong password and if you forget it, we send a new one to your email address.

Works fine, offloads a lot of security issues to email providers (who tend to be good at it), easy to code.

> I'd rather just go the hacker news model.

I use Hacker News with OpenID ;)

I like the same model. (send password change token to email). BrowserID from Mozilla may help here too.