by callahad
4978 days ago
> Isn't this sort of security something we wish we didn't have to learn?

Absolutely. Time spent on your auth scheme is time you're not spending on building your product. (And half-assing your auth scheme generally comes back to bite people.)

That said, outsourcing it to a centralized provider may not be the best idea for business, user, or security reasons. So it's a balance.

Of course, I'm biased: I work on the Persona team at Mozilla, where we're trying to build a simple, secure, fully decentralized, and open source authentication system that fits that niche rather nicely, but the points above stand: you have to figure out the opportunity cost of your chosen solution. There's no universal answer.