Submitted by theman on Sun, 05/28/2017 - 12:44

There has been a trend away from passwords and onto other 'simpler' identity management systems. I quote 'simpler' because, for those of us who do not want to intertwine every aspect of our lives, it is anything but.

I realize there are many people for whom the convenience of letting Facebook or another social media platform be the cornerstone of their digital life is a blessing. I know that I am in the minority when I describe using a good password management tool like LastPass to generate unique, secure passwords for every site. People give me quizzical looks and wonder "why would you want to do that?" Unfortunately, I have real-world examples of the losses that can be inflicted when security is not taken seriously.

My point here is that developers shouldn't shortchange their users' security: while you can offer the convenience of third-party API access, don't eliminate other traditional forms of security, preferably with user-controlled two-factor authentication (TFA) and encryption. If it is done by design on the front end, it's easily managed and will prevent the types of newsworthy breaches caused by bolting on a poor solution late in the game.

