This is why you shouldn't rely on third-party auth. Everyone using their own auth may be more trouble for the user, but SSO through a private third party that the largest portion of users already use is just asking for it. Don't get me wrong, SSO is not bad. But the bigger the subject, the more resources will try to hack it. This can make the subject stronger and more secure over the long term, potentially, but in the meantime, you have to live with being hacked much more frequently. Why not learn from others' mistakes rather than be their victim, when it comes to security?
Fair, but sometimes it's unavoidable when you're trying to use third-party APIs such as Facebook or Google. The only option is to allow some sort of external login (be it OAuth or something similar).