DEV Community

Discussion on: How to Process Passwords as a Software Developer

Nguyen Kim Son

Nice article on these difficult concepts! At the same time, I think for most applications, it's better not to ask users to create yet another password. Most users don't use a password manager and reuse the same password. I wrote an article to actually discuss this point:
dev.to/simplelogin/why-you-shouldn...

Nathilia Pierce • Edited

I agree with you! However, solutions like SQRL seem like a much better approach to replacing passwords, where the client is in control of their data, instead of a third party.

Identity providers can be convenient, but back when I was an average user, I never once used them. Perhaps that's just me; even before I was security- and privacy-oriented, I tried to never have my stuff all linked up to one account.

I think the future is developers writing installable applications (leaving the clients in control of their data) that are free (as in freedom), open-source, and decentralized (distributed).

Lately, it's just been scary with how much information is collected about us.

Simply put, I think your solution (and nearly all identity providers in the form of third-party servers) is half-solving current problems, but for us to move forward we need to push harder.

And I can see applications being built in the future, probably not too far, that are easier to use than SQRL, probably again in the form of asymmetric key cryptography.

This article is especially for you, for people and services who store credentials.

Nguyen Kim Son

Thanks for your insights! Ease of use is very important, and that's the main reason why OpenID 1.0 was replaced or SQRL is not popular.

I don't know about the roadmaps of other identity providers, but for SimpleLogin, we want to make it open-source so that anyone can set one up for themselves if they want to have total control over the data.