|
|
|
|
|
|
by jordan0day
4821 days ago
|
|
|
It's still pretty new (as the link states, it's still in beta). I'd say that is probably a big part of it. That, and the whole federated/shared/social login space is confusing! First there was OpenID, but then everyone jumped to OAuth. But wait, OAuth isn't really about authentication?! Throw in xAuth and all of Eran Hammer's rants, and you quickly realize that anything resembling consensus is pretty tenuous, at best. Persona looks solid, though -- here's hoping browser developers jump on board quickly. I'm concerned that OAuth's delegated authentication mechanism might remain king for a lot of free web apps, though. The ability to require permissions to post (spam) to your users timeline/wall (even if it's not actually needed by your application) is probably pretty tempting for someone trying to work every angle possible to make money from their application. Every angle other than actually charging for their service, that is. |
|
|
Also, people recognize Facebook and Google as brands they already have accounts with. When a user sees a big blue/red Sign In With Facebook/Google button, that's an easier decision than hand-keying your credentials (especially on a tiny and slow mobile keyboard). Moreover, users trust Facebook and Google to know how to secure their passwords better than randomsiteijustfound.com, so they may believe OAuth is safer than trusting that randomsiteijustfound.com's developer knows how to properly hash a password.