Re: Sign in with apple?
Re: Sign in with apple?
- Subject: Re: Sign in with apple?
- From: Ray Kiddy via Webobjects-dev <email@hidden>
- Date: Mon, 1 Jun 2020 18:40:27 -0700
What problem are you trying to solve? Are you wanting to not store
passwords? Even if you use a third-party solution, you are still going
to store user-specific configuration information, yes? Or are you
handing all of that to Apple?
I have apps that are secure and I do not store passwords.
Somebody comes in to the app, I get their e-mail address and sent them
an "invite" into the app. This is exactly as secure as any
password-storage system that uses e-mail to reset passwords. Do I have
to worry about the security of my password tables? No. Do I have to
worry about whether I have picked the right encryption? No. Do I have to
worry about whether I have salted the passwords correctly? No. Do I have
to make people store their 327th password? No. Because I do not use
passwords.
I can even use 2FA on top of that.
The real problem with using systems like AppleID or Facebook
authentication is that gives people an illusion of security while
creating a single, incedibly massive point of failure. So why do that?
- ray
On 5/31/20 5:35 AM, Jesse Tayler via Webobjects-dev wrote:
I thought to myself, say — I should support "Sign in with Apple” — and
wondered if anyone has experiences they’d like to share about integrating with your
WO Apps??
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden