
Unless your product is something that builds on Twitter's platform, I wouldn't recommend it. It means your users don't have a choice about how they're authenticated to your site, and

A) Failwhale, anyone?

B) Twitter doesn't provide serious options for protecting their users' login credentials. It's the same username/password combo which is easily phished & replayable.

Sadly, I've pretty much given up on the hope that we'll have a healthy ecosystem of OpenID providers, but at least Google's login system does offer some two-factor options.



From a dev's point of view I really feel that OpenID/OAuth is absolutely not worth the headache.

I'd rather just go the hacker news model. Choose a strong password and if you forget it, we send a new one to your email address.

Works fine, offloads a lot of security issues to email providers (who tend to be good at it), easy to code.


I'd rather just go the hacker news model.

I use Hacker News with OpenID ;)


I like the same model. (send password change token to email). BrowserID from Mozilla may help here too.



