Re-using the same password for different websites is bad in terms of security as if a hacker got his hand on a website's database, he/she will have...
I have found that a lot of users avoid social login buttons because they "don't see what X has to do with this product or system." X being Facebook, Twitter, Google and so on.
As far as adoption is concerned, do you have any tips on how we can better convey social login as a good alternative?
I think what’s missing until now is that the Identity Provider is usually a social network, which is much more than a mere Identity Provider. Users will surely have doubts if a tax-optimization company proposes the Login with Facebook button.
If we have a single-focused Identity Provider which devotes itself to the job of authentication, people would more likely accept it everywhere. This Identity Provider should also be trusted to never cross-link data.
SimpleLogin wants to be this Identity Provider, but I’m still working on the "how to increase trust" part. If you have any ideas, please let me know!
I moved away from using popular services to log into third-party sites.
So, it was back to password managers for me. I can use different passwords for different applications. And, everything stays encrypted + 2FA secured.
I understand that I risk security if my master password or become a target for SIM jacking - but risks come bundled with compromises and ease-of-use :)
Totally agree! I’m also currently using Bitwarden to manage my passwords because of the lack of a trustful Identity Provider.
What do you think if we have an Identity Provider that:
SimpleLogin wants to be this Identity Provider that people can trust, both in terms of security and privacy. If you have any idea what’s missing to make you change your mind (i.e. not creating accounts for every service), please let me know!
Social Login is a no-go for me. What happens when Facebook shuts down my social login for literally no reason and I have to wait 3 days (or longer, or it's permanent) and my users can't log in?
Wait, did I log in to this website with my GitHub, fb, or Twitter account, or vanilla email?
Do I really have to make a Twitter account just to log in to this website?
Social login: now I can't do the my.normal.email+name.of.website@gm... thing to catch who sold my email to spammers.
Way more problems than just using LastPass/Bitwarden.