Authentication using Google/FB/MS vs registration

17 Posts 11 Posters 0 Views 1 Watching
  • D Daniel Pfeffer

    The problem with rolling your own password database is that you have to do it right - encryption, security, etc. Note that in many jurisdictions, any database that contains personally-identifiable information requires extra precautions. Ignoring them can cost you big bucks/euros/... Using FB/Google/etc. gets around some of this requirement, at the cost of adding to the already vast amount of information that they know about your clients (e.g. they know that your clients visit your website). For mainstream sites, IMO most members of the public would be quite happy with authentication via FB/Google/etc. If, OTOH, you are building a site to host discussions about <your favorite conspiracy theory>, you may wish to reconsider. :)

    Freedom is the freedom to say that two plus two make four. If that is granted, all else follows. -- 6079 Smith W.

    CS2011 wrote (#7):

    Daniel Pfeffer wrote:

    The problem with rolling your own password database is that you have to do it right - encryption, security, etc. Note that in many jurisdictions, any database that contains personally-identifiable information requires extra precautions. Ignoring them can cost you big bucks/euros/...

    Yep. And that is why I want to avoid it. It's a lot of work and not that many benefits. Usually if I see an option to use Google/FB/MS I take that. But again I have a dummy account just for that. I am not sure if most guys do take that option or not.

    • F F ES Sitecore

      One is that I don't have any of those accounts, and the main reason is that if an app forces me to log in using social media I suspect they really just want my personal data, my contact lists etc, that they're going to want to constantly bug me to share, to harass my contacts etc etc.

      CS2011 wrote (#8):

      Yep. That is true. But I have created a dummy account just for authentication purposes. Not sure if others are also doing that. The only reason I am thinking about that is because it will save me some time and headache that comes with maintaining passwords.


        Daniel Pfeffer wrote (#9):

        CS2011 wrote:

        Usually if I see an option to use Google/FB/MS I take that. But again I have a dummy account just for that. I am not sure if most guys do take that option or not.

        That is up to them. Creating an additional account is not exactly rocket science...

        Freedom is the freedom to say that two plus two make four. If that is granted, all else follows. -- 6079 Smith W.

        • C CS2011

          I am building an app (and an online site to go with it) and need input from you guys regarding using authentication provided by Google/FB/MS vs the classic way of login (register users and maintain username/password). It's a side project and I am trying to reduce the development time in every possible way without compromising the quality of the app/website. Would you guys be willing to use a website where the only way to authenticate is using either a Google/FB/MS account?

          Kornfeld Eliyahu Peter wrote (#10):

          Without a rock-solid reason do not get into building your own user management system...

          "The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge". Stephen Hawking, 1942- 2018

          "It never ceases to amaze me that a spacecraft launched in 1977 can be fixed remotely from Earth." ― Brian Cox


            Nathan Minier wrote (#11):

            The other option I've not seen mentioned here is running your own LDAP rather than rolling a database. Every cloud service I've looked at offers the option of spinning up an AD server. It requires a little bit of compliance and maintenance, but it scales well and addresses a number of security concerns out of the box.

            "Never attribute to malice that which can be explained by stupidity." - Hanlon's Razor


              Marc Clifton wrote (#12):

              CS2011 wrote:

              Would you guys be willing to use a website where the only way to authenticate is using either a Google/FB/MS account?

              It can be quite convenient. As others have said, I'm not keen though on having some one-off site gather a bunch of personal information.

              CS2011 wrote:

              and I am trying to reduce the development time in every possible way

              There's quite a few open source examples of using Google/FB/etc for authentication, in a variety of languages. Rolling your own authentication can be a PITA. Besides the obvious (encrypting the password) it requires:

              - Are you sending an email with a link to confirm registration?
              - How does the user change their password?
              - How does the user recover a lost password (more emails usually)?
              - What about 2-factor authentication (typically a text message)?

              Which means setting up an email server (along with the associated risk of more open ports and the overhead of setting up yet another secure server), one-time, expirable tokens for registration, password change and password recovery, possibly connecting to an SMS provider for 2-factor authentication, and probably CSRF/XSRF/XSS protection.

              [edit]Oh, and cookies or some other mechanism to implement "Remember Me"[/edit]

              Latest Article - A Concise Overview of Threads Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny Artificial intelligence is the only remedy for natural stupidity. - CDP1802
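
The one-time, expirable tokens that post #12 lists for registration, password change and password recovery, as an added example that is not part of any post in this thread. `TokenStore`, the purpose strings and the 15-minute lifetime are assumptions, and the dict stands in for a database table.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; choose one that suits the flow


class TokenStore:
    """In-memory stand-in (hypothetical) for a table of pending tokens."""

    def __init__(self, now=time.time):
        self._rows = {}   # token digest -> (user_id, purpose, expires_at)
        self._now = now   # injectable clock so expiry can be exercised

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table holds no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, purpose):
        # A new request invalidates older tokens for the same user and purpose.
        self._rows = {d: r for d, r in self._rows.items()
                      if r[:2] != (user_id, purpose)}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = (
            user_id, purpose, self._now() + TOKEN_TTL_SECONDS)
        return token  # goes into the emailed link, never into the store

    def redeem(self, token, purpose):
        """Return the user_id once for a valid token, otherwise None."""
        # pop() removes the row on any attempt, which makes the token one-time
        # and fails closed when the purpose or expiry check rejects it.
        row = self._rows.pop(self._digest(token), None)
        if row is None:
            return None
        user_id, row_purpose, expires_at = row
        if row_purpose != purpose:
            return None  # a registration token cannot reset a password
        if self._now() > expires_at:
            return None
        return user_id
```
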


                megaadam wrote (#13):

                No for the same reason as many above I would not use cross website authentication. I do not think you have to write your own either. Plenty of options: Google: cloud user authentication

                "If we don't change direction, we'll end up where we're going"


                  RJOberg wrote (#14):

                  I'd prefer to not use Google/FB/MS for logging into anything but as a developer I recognize the convenience of utilizing it for speed, ease, and so on. Why do I prefer not to? A multitude of reasons. First... single password, multiple sites. With individual logins I can create a unique password for it. If your site gets compromised, only that site is compromised. Second, the big guys aren't perfect either. Google just admitted it knew about a security bug which gave developers access to private profile data and chose not to disclose it. Facebook just had a bug that allowed your account to be impersonated on linked services. Twitter had that bug where all logins and passwords were being written in plain text to the internal error logs. MS has had their own security problems in the past. I tend to avoid sites and services that force me through one of those routes if there is a viable alternative. I also recognize that those views put me in the minority.


                    CS2011 wrote (#15):

                    The app/website I am building will be free to use. As per now I am not aware of any service which is providing that free of cost. So my options are limited to using some already written module for user management and maintaining the server/security etc, or avoiding it altogether by using Google/FB/MS etc. In case you know of any service which provides that service for fee up to say 1000 users, I will definitely be willing to give it a try.


                      Ravi Bhavnani wrote (#16):

                      Sorry, absolutely not.  But I'd be happy to create an account at the website (or better yet, use the website as a guest without having to sign in). /ravi

                      My new year resolution: 2048 x 1536 Home | Articles | My .NET bits | Freeware ravib(at)ravib(dot)com


                        Rajesh R Subramanian wrote (#17):

                        I have a "totally legit" google ID that I use for logging onto websites that allow to be authenticated via one.
