My question was in the specific context of implementation in a product.
I think gone are the days where we can quickly roll out a simple auth strategy as such. Which is the reason why Auth0, Okta, Firebase, and the OAuth2 protocol in general are so popular.
I think in 2020 and beyond, a "successful" auth strategy and implementation would be accompanied by a security accreditation from a third-party audit.
Also, on the many projects I work on, we constantly have an open feedback loop with legal teams to make sure we're in compliance with newly emerging privacy laws.
Sorry, I am not a native English speaker; maybe you can rephrase your question?
Why can't you quickly roll out an auth strategy? Is saving a user and its password hash not legal anymore?
I find people are unnecessarily afraid of saving a damn email (or user name) and password and glorify complexity like social logins give you... Not sure why that all is, but you can't really fight those windmills