by potatolicious
5041 days ago
I've always wondered why more websites/apps didn't have their own user database, with Facebook credentials as merely a link to an underlying record that the website actually owns. This way if you one day want to run far, far away from the FB monster you're already set - the behavior of your app doesn't break horrifically, and you can devise a seamless/pain-free transition for FB-authenticated users to create a password.

Because your password database is a liability. And it's a huge pain in the ass to store securely. And a breach at another site can harm your users if they re-used their password. And there's a huge amount of friction when you ask users to create and manage yet another password.
Seriously, traditional login systems suck. They're great for privacy and maintaining direct control over your user data, but they're a huge pain.
I don't want to shill, but Mozilla is aiming to address the bulk of this with Persona (https://developer.mozilla.org/en-US/docs/Persona), which will have an API-stable "beta" release in about two weeks. However, it works right now and has been deployed on sites like https://voo.st/ as an alternative to forced-social login.