[Chicago-talk] Password strength

Doug Bell madcityzen at gmail.com
Fri Aug 7 09:27:06 PDT 2015

Right. Facebook does the authentication part, which is verifying the person
is who they say they are, then you do the authorization part, which is
"this person is allowed to do ..."

This is useful if you want to streamline the account/login process. It's
not as useful if you want privacy, since it requires your users to have
signed up for Facebook, Twitter, Github, Google, StackExchange, whatever.
Mozilla Persona might have fewer privacy implications.

There's also the possibility of simply not requiring a login at all.
Identify the user based on a cookie, and/or a browser fingerprint. If
identity / security isn't supremely important, and for a lot of webapps,
they aren't, you can remove barriers to participation by forgoing any need
for authentiation.

Doug Bell
preaction at me.com

On Aug 7, 2015, at 11:21 AM, Richard Reina <gatorreina at gmail.com> wrote:

Also, if you can avoid doing your own authentication altogether, delegating
to an OAuth or OpenID provider (Facebook, Twitter, Github, StackExchange,
etc...), then you don't have anything to worry about (cough)

Doug Bell
preaction at me.com

By this do you mean do not collect any passwords but just allow everyone to
just login withe their facebook, twitter, github, etc accounts?

Chicago-talk mailing list
Chicago-talk at pm.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/chicago-talk/attachments/20150807/67198fb5/attachment.html>

More information about the Chicago-talk mailing list