Comment on Why?
limer@lemmy.ml 8 hours agoIf one cannot protect their database, then there is a lot of other issues going on besides how one authenticates.
Over the years , I’ve read about some security issues with different social logins, and a few of them have been serious. One never knows when the next vulnerability is.
At the end of the day, everything has a vulnerability, and the best way to mitigate against that is best practices, and keeping up with news. That, and a bit of luck.
I have created my own login systems multiple times, and probably violated over a hundred best practices. I don’t know what a best login system looks like, but I have enough experience to find flaws with all of them now. And I am not confident in anything I use. Even if I only use battle tested systems made by large groups of peoples
bangupjobasusual@lemmy.world 6 hours ago
This is precisely why you should really consider leaning into oauth, your users don’t want another unique password to manage, so guess what, when your creds database gets leaked, it’s not just your site that’s getting screwed.
Look, with new ai tools, security is a very scary place to live. I wouldn’t blow this off. Let the companies that invest millions in it manage this piece for you.