I have always used my own solutions for managing passwords (always hashed). Some straight to the DB, others going through LDAP. I am interested in third-party auth though, such as GitHub.
Thanks for the comment! I think third-party auth offers the best experience, right? But at a little bit of a cost since you don't control access as much. What I mean is that if GitHub cuts off account access, that user loses access to their account on your app too.
It's nice for the user since they have a central point of access, though it has its issues. Say you require Facebook auth and someone doesn't use Facebook. Now they have to sign up for Facebook just to use your site/service.
But you are right: if the third party goes down or removes functionality, there is nothing you can do. Using Facebook as an example, they have a tendency of changing their APIs with little to no notice.
This is part of why a lot of my recent projects have shifted into decentralized authentication providers. But then the experience for end users is really terrible.