Posted on: Sun, 05/28/2017 - 12:44 By: theman

There has been a trend away from passwords and toward other 'simpler' identity management systems. I put 'simpler' in quotes because, for those of us who do not want to intertwine every aspect of our lives, it is anything but.

I realize there are many people for whom the convenience of letting Facebook or another social media platform be the cornerstone of their digital life is a blessing. I know that I am in the minority when I describe using a good password management tool like LastPass to generate unique, secure passwords for every site. People give me quizzical looks and wonder "why would you want to do that?" Unfortunately, I have real-world examples of the losses that can be inflicted when security is not taken seriously.

My point here is that developers shouldn't shortchange their users' security: while you can offer the convenience of third-party API access, don't eliminate other traditional forms of security, preferably with user-controlled TFA and encryption. If it is done by design on the front end, it's easily managed and will prevent the types of newsworthy breaches caused by bolting on a poor solution late in the game.
