by callahad
5041 days ago
> I've always wondered why more websites/apps didn't have their own user database

Because your password database is a liability. And it's a huge pain in the ass to store securely. And a breach at another site can harm your users if they re-used their password. And there's a huge amount of friction when you ask users to create and manage yet another password.

Seriously, traditional login systems suck. They're great for privacy and maintaining direct control over your user data, but they're a huge pain.

I don't want to shill, but Mozilla is aiming to address the bulk of this with Persona (https://developer.mozilla.org/en-US/docs/Persona), which will have an api-stable "beta" release in about two weeks. However, it works right now and has been deployed on sites like https://voo.st/ as an alternative to forced-social login.
Arguably it's a greater liability for a business to be dependent on a third party for a connection with their users. It means they lose important user data like email (they have to ask for it usually), they're tied to that provider, and their website breaks for those users if that third party service goes down or is unreliable.
If you store your passwords securely you can't leak them, only a hash, but I agree it's a pain for users to manage multiple passwords/identities and can lead to too much password sharing.
Persona looks far more interesting than social login as it addresses the issue with who owns and controls user data/logins and does not have a single point of failure, plus it provides the email.