Software engineer with 4+ years of experience in building products for numerous domains like fin-tech, real estate, video streaming, retail, and now e-commerce.
Yes, I prefer OAuth. Think about it: your audience can't remember the passwords which they created during signup. Also, you don't have to implement app logic for the sign-up and sign-in process. Also, big companies maintain the highest security for OAuth, so why waste time creating it? Focus on business logic.
I recommend you implement OAuth in your application. The OAuth type depends on your audience.
Think about it: your audience can't remember the passwords which they created during signup
That's why there are password managers.
I know 99% of the time it should be the developers' job to make the users' lives easier, but I think that case fits in the 1% left.
Also you don't have to implement app logic for sign up and signing.
That's called laziness :)
I strongly believe email/password should remain the default and OAuth should only be implemented in addition to it and not instead. Forcing a user to authenticate via another account (social media most of the time) feels like an unnecessary complexity. Some people like their accounts to be independent. Some people dislike social media. Some people might just not have the required accounts to use OAuth. A lot of people have a lot of reasons to dislike (or not be able to use) OAuth.
Thanks Sagar and Quentin for your feedback and also thoughtful discussions regarding OAuth and email/password. Everything you both have shared are great points to think through.
You're most welcome...