Re: Sign in with apple?
- Subject: Re: Sign in with apple?
- From: Aaron Rosenzweig via Webobjects-dev <email@hidden>
- Date: Mon, 1 Jun 2020 21:50:16 -0400
You make a good point Ray - about using a password-less system - and you can do
that with Auth0 and Okta too:
https://auth0.com/docs/connections/passwordless
https://www.okta.com/passwordless-authentication/
But there are drawbacks with that too:
https://www.helpnetsecurity.com/2019/07/18/true-passwordless-authentication/
Given that you may want to authenticate someone with a password they already
know… the “win” of letting them use Apple, Facebook, etc. is that they
don’t have to manage yet-another-password.
While it seems like a “win” I listened to Chris at scotch.io talk about it
being “fun” to add Apple, Facebook, etc. logins to his sites. He got like 300%
more signups but then… very few of those actually paid for his services. He
stated it as: easy to sign up just means people quickly look around but aren’t
really serious.
AARON ROSENZWEIG / Chat 'n Bike <http://www.chatnbike.com/>
e: email@hidden t: (301) 956-2319
> On Jun 1, 2020, at 9:40 PM, Ray Kiddy via Webobjects-dev
> <email@hidden> wrote:
>
> What problem are you trying to solve? Are you wanting to not store passwords?
> Even if you use a third-party solution, you are still going to store
> user-specific configuration information, yes? Or are you handing all of that
> to Apple?
>
> I have apps that are secure and I do not store passwords.
>
> Somebody comes in to the app, I get their e-mail address and send them an
> "invite" into the app. This is exactly as secure as any password-storage
> system that uses e-mail to reset passwords. Do I have to worry about the
> security of my password tables? No. Do I have to worry about whether I have
> picked the right encryption? No. Do I have to worry about whether I have
> salted the passwords correctly? No. Do I have to make people store their
> 327th password? No. Because I do not use passwords.
>
> I can even use 2FA on top of that.
>
> The real problem with using systems like AppleID or Facebook authentication
> is that it gives people an illusion of security while creating a single,
> incredibly massive point of failure. So why do that?
>
> - ray
>
>
> On 5/31/20 5:35 AM, Jesse Tayler via Webobjects-dev wrote:
>> I thought to myself, say — I should support “Sign in with Apple” — and
>> wondered if anyone has experiences they’d like to share about integrating
>> with your WO Apps??
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Webobjects-dev mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden