Why Federate?
-
You’re putting up a new app and need to sign in users, so you use whatever’s popular with the package you’re using: On Rails, typically Devise, on NodeJS Drywall or Passport, on PHP Usercake, and so on. These things will take care of storing and checking usernames and passwords for you. But storing and checking passwords is a bad thing to do. Why? There are too many passwords.
By playing the yet-another-password game, you’re decreasing the security of the whole Internet.
-
You’re putting up a new app and need to sign in users, so you use whatever’s popular with the package you’re using: On Rails, typically Devise, on NodeJS Drywall or Passport, on PHP Usercake, and so on. These things will take care of storing and checking usernames and passwords for you. But storing and checking passwords is a bad thing to do. Why? There are too many passwords.
By playing the yet-another-password game, you’re decreasing the security of the whole Internet.
I am a little hypocritical when it comes to Federation. Like a lot of the commenters on that article I will more often than not refuse to use a federated login when signing up for websites. If the only way in is through FaceBook or Google then I'm not signing up for your site. However, here's where the hypocrisy comes in, I'm working on a website for my own fun and because I'm lazy and don't want to deal with passwords and security right out of the gate, I'll probably make the only registration options go through Google/Facebook/Twitter. Eventually I'll probably roll my own, but initially I'd rather spend my time coding the core of the site, not registration.