bangupjobasusual
@bangupjobasusual@lemmy.world
- Comment on Why? 1 week ago:
This is precisely why you should really consider leaning into oauth, your users don’t want another unique password to manage, so guess what, when your creds database gets leaked, it’s not just your site that’s getting screwed.
Look, with new ai tools, security is a very scary place to live. I wouldn’t blow this off. Let the companies that invest millions in it manage this piece for you.
- Comment on Why? 1 week ago:
I wouldn’t change my advice. Even if you go Argon2id, you still have a creds database to protect. If you let that go it’s just a matter of time before it’s useful.
You could go webauthn, but now we are back to passkey or windows hello or whatever. Which is what I told op, they invented passkey, and it’s Still third party reliance.
Source: I’ve been a software architect for 25 years.
- Comment on Why? 2 weeks ago:
You just invented passkey with oauth.
- Comment on Why? 2 weeks ago:
Sorry, yes it is. I’d really prefer it if software developers would take this more seriously. Managing user credentials is a high risk burden that you should avoid if possible.
- Comment on Alpha AF 4 weeks ago:
So… it’s not then?