[Chicago-talk] Password strength
Joel Limardo
joel.limardo at forwardphase.com
Fri Aug 7 09:25:48 PDT 2015
"...By this do you mean do not collect any passwords but just allow
everyone to just login withe their facebook, twitter, github, etc
accounts?..."
One thing to think about here is that using an OAuth that uses Facebook or
some other system then a third party now has/stores potentially identifying
information about you as well as possible metrics about your usage,
frequency of use, etc. of the application. If you were in a foreign country
with a repressive government and, let's say, that organization was under
some kind of agreement to share this information with said government they
might just show up at your door after a few logins to the 'Freedom for
Panau Online Database'...
On Fri, Aug 7, 2015 at 11:20 AM, Richard Reina <gatorreina at gmail.com> wrote:
>
> Also, if you can avoid doing your own authentication altogether,
> delegating to an OAuth or OpenID provider (Facebook, Twitter, Github,
> StackExchange, etc...), then you don't have anything to worry about (cough)
>
> Doug Bell
> preaction at me.com
>
>
>
> By this do you mean do not collect any passwords but just allow everyone
> to just login withe their facebook, twitter, github, etc accounts?
>
>
>
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/chicago-talk/attachments/20150807/96e2598c/attachment.html>
More information about the Chicago-talk
mailing list