

How I got my leg tied to the radiator because of Facebook - Murkin
http://blog.itlater.com/how-i-got-my-leg-tied-to-the-radiator-because-of-facebook/

======
simonw
If you're implementing Facebook Connect on your own site, you should make sure
you offer people the option to later set up a username and password for their
account (or associate another OpenID or similar) to avoid this exact problem.

~~~
wesley
Got any examples of sites that do this right?

~~~
dazmax
Facebook makes it very easy for everyone. As a developer, there is a place in
the Facebook Connect settings to put a url that they will send the user's id
to in the event that the user disables their Facebook account but wants to
keep their account with your site.

------
cmelbye
Facebook has a procedure for handling this problem, and it seems as if they
recommend that website owner's follow it.

[http://wiki.developers.facebook.com/index.php/Reclaiming_Acc...](http://wiki.developers.facebook.com/index.php/Reclaiming_Accounts)

<http://grab.by/2Tn6>

------
nfnaaron
"But with the UX failures of OpenID ..."

I see this often, and I don't get it. I go to a site that accepts OpenID and
click the button. If I'm already signed in to OpenID, I'm in. If not, my
OpenID provider's page pops up, I sign in, and I'm in.

Are other OpenID experiences not that simple, or am I so out of touch that I
don't recognize that "OpenID is hard!"?

~~~
patio11
Given that the average Internet user is _much_ closer to "Googles [facebook
login] to get into Facebook and assumes the first result is right" than they
are to "Implemented OpenID for their day job", and that I'm in the second
group and _still_ can't reliably speak about the subject without having a
glossary in front of me, I'm thinking if you even have to say "OpenID
provider" you've already lost.

~~~
nfnaaron
"... I'm thinking if you even have to say "OpenID provider" you've already
lost."

Yeah, I've tried to explain the OpenID idea (just the idea) to people, and I
just get crickets.

------
_delirium
Seems particularly troublesome because of cascading failure, not just when
deliberately deleting your own account. Facebook regularly suspends accounts
for all sorts of reasons, and I'm not sure there's enough transparency and
oversight in why and how they do it, and what the process is for getting
access restored, to trust them as an general-purpose authentication
gatekeeper.

~~~
AnneTheAgile
What do you think about the Twitter Sign-in API? I like that Twitter involves
delimited, public information, so linking it to other accounts may be less
problematic.

~~~
_delirium
Twitter can also suspend your account for strange reasons, though:
<http://www.bogost.com/blog/cascading_failure.shtml>

------
mgrouchy
This is why I don't use facebook connect for anything. Sadly, I hadn't the
foresight when I started using my google account to sign up for stuff.

~~~
philcrissman
I don't use it either; I've never really thought much about it, but part of
the reason is certainly because I don't want to tie anything I'm doing online
irrevocably to FB.

Twitter OAuth is analogous, though I'm much less cautious about using that. I
see twitter outlasting FB, but I've been wrong before...

------
Vitaly
I'm trying to use as much OpenID as I can. But I don't have to trust my openid
provider (myopenid) to stay forever. I have my own domain, and I have amazon
S3 account. so I just cnamed id.mydomain.com to S3 and uploaded a simple
OpenID delegation file to S3 which is now accessible at id.mydomain.com/vitaly
which is the url I use to signup for services. If I ever decide to leave
myopenid (and I started thinking about switching to google, since I'm always
logged into gmail) I can just switch the text file and it will just work.

