> On Feb 10, 2015, at 1:06 PM, Martin v. Löwis <mar...@v.loewis.de> wrote: > > Am 10.02.15 um 18:33 schrieb Donald Stufft: >>> Can you please elaborate on that position? Why is it useful to have >>> separate accounts on separate systems? >> >> Sure. > > Thanks! Just one comment - without the desire to get into a long-winded > discussion. > >> 1. I feel like the goal of federated auth has failed in general and is >> unlikely >> to ever succeed. As a user of websites I have over 400 different entries in >> my password manager, even if 50% of them implement federated auth (which I >> feel like is a high number but that's not backed by math, just gut feeling) >> that's still over 200 entries I need to maintain in my password manager. In >> this case federated auth has not meaningfully reduced the burden of >> maintaining password for me since maintaining 200 isn't any easier than 400 >> and instead it just complicates my login flow > > I think this is your personal usage primarily. A lot of user just avoid > having to use a password manager, and use the same password on many > systems. (Of course, many people also *do* use different passwords, and > some also use passwords managers)
Sure! Lots of people do absolutely just re-use passwords. Though I don’t think many of those same users are likely to be (knowingly at least) using OpenID. They’re more likely to use the “Sign in With X” buttons where X is something like Google, Facebook, Twitter, etc. Which I dislike (except in cases where you need to optimize for low impact user accounts like blog comments) because they are an explicit relationship with another entity without any power to influence what they do with the trust you grant them by letting them control log ins to your site. --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
