

Ask HN: Is it the time to introduce OProfile like OAuth  - santoshmaharshi

Signupp and SignIn in the multi-device world is so frustrating. Keeping one single password on 50 websites and 100 apps is not a good idea as well.<p>I had big hopes with the Open authentication or even with properties like Google and Facebook that they will ultimately solve this problem. But that never happened.<p>Infact, I have had bad experiences with spammy and dubious sites which ask for Facebook authentication,<p>I was thinking if there&#x27;s a scope for much more elegant solution. To collect information in layered format from my name, email address, age, sex, location, interest, etc but to never store my password.<p>Can this solution solve privacy problem ?. There will be always site who would like to understand more from my usage patterns and behaviour.<p>But why, why today there isn&#x27;t an elegant solution to share basic profile information with sites just for purpose of using it.<p>Would it make sense to add profile layer to authentication information by such open source solution.<p>Or to introduce a standard which define shareable profile information from one app to another. Do we know or don&#x27;t  we have right to know what facebook&#x2F;linkedin can share with others ?
======
DjangoReinhardt
Security risk.

Somewhat similar to the reason you don't keep all your money in one financial
institution. Imagine what would happen if you served/consumed everything with
credentials from only one SSO provider and that SSO provider got breached. If
your profile were to be attached along with your SSO, your entire identity
then becomes at risk.

While I do not like remembering thousands of usernames and passwords, I
swallow it as the bitter pill that comes with the necessity of keeping my eggs
in different baskets.

~~~
santoshmaharshi
You are right, theres a risk and challenge to solve. I was suggesting oft not
the complete profile and learnable auto updating profile information but only
the most basics one Name, Age, Sex, Location, Email Address. Only these basics
which are required to use a website or a app. I agree, security will be the
key here. I am hopeful in future, someone will come up with a solution, till
then the bitter pill :)

