You make a good point Ray - about using a password-less system - and you can do 
that with Auth0 and Okta too:

https://auth0.com/docs/connections/passwordless 

https://www.okta.com/passwordless-authentication/ 

But there are drawbacks with that too: 
https://www.helpnetsecurity.com/2019/07/18/true-passwordless-authentication/ 

Given that you may want to authenticate someone with a password they already 
know… the “win” of letting them use Apple, Facebook, etc. is that they 
don’t have to manage yet-another-password. 

While it seems like a “win” I listened to Chris at scotch.io talk about it 
being “fun” to add Apple, Facebook, etc. logins to his sites. He got like 300% 
more signups but then… very few of those actually paid for his services. He 
slated it as easy to sign up just means people quickly look around but aren’t 
really serious. 

AARON ROSENZWEIG / Chat 'n Bike <http://www.chatnbike.com/>
e:  aa...@chatnbike.com  t:  (301) 956-2319

> On Jun 1, 2020, at 9:40 PM, Ray Kiddy via Webobjects-dev 
> <webobjects-dev@lists.apple.com> wrote:
> 
> What problem are you trying to solve? Are you wanting to not store passwords? 
> Even if you use a third-party solution, you are still going to store 
> user-specific configuration information, yes? Or are you handing all of that 
> to Apple?
> 
> I have apps that are secure and I do not store passwords.
> 
> Somebody comes in to the app, I get their e-mail address and send them an 
> "invite" into the app. This is exactly as secure as any password-storage 
> system that uses e-mail to reset passwords. Do I have to worry about the 
> security of my password tables? No. Do I have to worry about whether I have 
> picked the right encryption? No. Do I have to worry about whether I have 
> salted the passwords correctly? No. Do I have to make people store their 
> 327th password? No. Because I do not use passwords.
> 
> I can even use 2FA on top of that.
> 
> The real problem with using systems like AppleID or Facebook authentication 
> is that it gives people an illusion of security while creating a single, 
> incredibly massive point of failure. So why do that?
> 
>  - ray
> 
> 
> On 5/31/20 5:35 AM, Jesse Tayler via Webobjects-dev wrote:
>> I thought to myself, say —  I should support “Sign in with Apple” —  and 
>> wondered if anyone has experiences they’d like to share about integrating 
>> with your WO Apps??
>> 
>> 
>>  _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Webobjects-dev mailing list      (Webobjects-dev@lists.apple.com)
>> Help/Unsubscribe/Update your Subscription:
>> https://lists.apple.com/mailman/options/webobjects-dev/ray%40ganymede.org
>> 
>> This email sent to r...@ganymede.org