Question

I have to start a new project where user authentication/management will be required.

A lot of websites use existing authentication mechanisms like Facebook/Twitter/OpenID/Google/etc. (even SO).

While I might understand that they are used to simplify some parts of this workflow, can someone enumerate the pluses and minuses of using one of these authentication mechanisms vs. a usual user creation, and what should I look for when I do this?

Thanks in advance!

Solution

Here are a few:

Advantages of using external auth (like OpenID)

  • For the user, fewer account names/passwords to keep track of
  • For you, you don't have to manage password resets, etc.

Disadvantages

  • Ties you to an external service (if Google/Facebook is down, so are you)
  • Your site is only as secure as the external site(s) you trust as ID providers

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow