1. gunapo+(OP) 2023-07-25 16:08:27
Why is removing passwords a massive security win? You're just moving the centralization from a password manager to SSO.
replies(1): >>insani+C5
2. insani+C5 2023-07-25 16:26:14
>>gunapo+(OP)
A few reasons.

1. Instead of needing 100 passwords, which increases the chance of users just choosing something and repeating it, you have 1 password.

2. Similarly, instead of needing 2FA on 100 sites they can just have 2FA on their SSO. In fact, the other sites don't even need to support 2FA - you get that "for free" with SSO.

3. SSO providers implement auth really well. They make it smooth, as in "I don't have to reauth when it's obviously me" and safe, as in "that might not be a valid auth, let's get them to 2FA again".

Of course, if you have a password manager then (1) is not a problem. But SSO is a lot simpler for users.

replies(1): >>JohnFe+1C
3. JohnFe+1C 2023-07-25 18:13:38
>>insani+C5
As long as using it remains optional, I don't mind that SSO systems exist. But I am personally allergic to them, so I fear the day that they are no longer optional.
replies(1): >>insani+bW
4. insani+bW 2023-07-25 19:32:58
>>JohnFe+1C
I fully advocate for users to be in control over how they choose to identify themselves on the internet. It's part of why I'm against the integrity proposal despite seeing a lot of value in it.