Hacker Newsnew | comments | show | ask | jobs | submit login

What do people think of services like https://www.loginprompt.com/? (provides logins as a service for your startup)

Isn't this sort of security something we wish we didn't have to learn? And for people who don't take the time maybe it's best to let a third-party handle it.




> Isn't this sort of security something we wish we didn't have to learn?

Absolutely. Time spent on your auth scheme is time you're not spending on building your product. (And half-assing your auth scheme generally comes back to bite people.)

That said, outsourcing it to a centralized provider may not be the best idea for business, user, or security reasons. So it's a balance.

Of course, I'm biased: I work on the Persona team at Mozilla, where we're trying to build a simple, secure, fully decentralized, and open source authentication system that fits that niche rather nicely, but the points above stand: you have to figure out the opportunity cost of your chosen solution. There's no universal answer.

-----


100% agree with you. I love the concept of Persona, but it has a serious cold-start problem. If I could implement it and nothing else on my site, I would, but unfortunately the reality today is that most users don't know it.

-----




Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: